论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks

1 引入

1.1 题目

  2016CVPR:简单愚弄深度神经网络 (DeepFool: A simple and accurate method to fool deep neural networks)

1.2 动机

  深度神经网络在图像分类任务上的成就毋庸置疑。然而,这些架构已被证明对图像的小扰动缺乏健壮性,目前也缺乏有效的方法来准确计算深度分类器应对大规模数据集上扰动的鲁棒性。本文则对这些鲁棒性进行可靠量化。

1.3 代码

  Torchhttp://github.com/lts4/deepfool

1.4 Bib

@inproceedings{Moosavi:2016:25742582,
author		=	{Seyed-Mohsen Moosavi-Dezfooli and Alhussein Fawzi and Pascal Frossard},
title		=	{Deep{F}ool: A simple and accurate method to fool deep neural networks},
booktitle	=	{{IEEE} Conference on Computer Vision and Pattern Recognition},
pages		=	{2574--2582},
year		=	{2016}
}

2 DeepFool

  对于给定的分类器,定义一个最小对抗性扰动论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks,其用于改变样本的评估标签论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks是输入图像。该式也称为论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks在点论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的健壮性,因此分类器论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks健壮性定义为:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks是数据集分布的期望。

3 DeepFool与二分类

  二分类问题下,有论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks,其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks是一个图像分类函数。令论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks表示论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks在0处的level set。首先分析线性分类器论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的情况,然后推导出可以应用于任何可微分二分类器的通用算法。
  可以很容易看出线性论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks在点论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks处的鲁棒性,论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks等价于论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks到分隔超平面论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的距离 (如图2),改变分类器决策的最小扰动对应于论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的正交投影。一个用于描述该过程的封闭式公式如下:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks

4 DeepFool与多分类

  一对多是最常用的多分类策略,因此我们基于该策略来扩展DeepFool到多分类上。在该设置下,分类器将有论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks个输出,因此分类器被定义为论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks且:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks在第论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks类上的输出。与二分类相似,首先分析线性情况并推广到其他分类器。

4.1 线性多分类器

  令论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks表示一个线性分类器,在一对多的策略下,愚弄分类器的最小扰动被重写为:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的第论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks列。几何上,上述问题对应于计算论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks与凸多面体complement论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks之间的距离:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks其中论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks是位于论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks内的点。我们定义这个距离论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks。多面体论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks定义了论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks输出标签论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的空间区域,如图4所示。
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks

  公式6的解决方案可以用封闭形式计算如下。令论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks表示离论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的边界最近的一个超平面,例如图4中的论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks。形式上,论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks可以计算为:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks最小扰动论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks是将论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks投影到由论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks索引的超平面上的向量:
论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks换句话说,我们可以找到论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks论文阅读 (54):DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks的平面上的最近投影。

4.2 广义分类器

  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  
  

文章出处登录后可见!

已经登录?立即刷新

共计人评分,平均

到目前为止还没有投票!成为第一位评论此文章。

(0)
扎眼的阳光的头像扎眼的阳光普通用户
上一篇 2022年6月8日
下一篇 2022年6月8日

相关推荐