Loading...

Robustification of Deep Learning Structures Based Ongenerative Models

Haji Mohammadi, Reza | 2025

0 Viewed
  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 57899 (05)
  4. University: Sharif University of Technology
  5. Department: Electrical Engineering
  6. Advisor(s): Kazemi, Reza; Amini, Sajjad
  7. Abstract:
  8. In recent years, deep learning has experienced rapid and remarkable advancements, demonstrating exceptional performance in various applications such as computer vision, natural language processing, and autonomous vehicles. These models are continually evolving and expanding, yet they harbor inherent vulnerabilities that prevent complete trust in their reliability. One of the most critical issues is their susceptibility to adversarial attacks, where a clean image is subtly manipulated to create an adversarial example. Adversarial examples, generated by adding imperceptible perturbations to input data, can easily mislead deep learning models into making highly confident yet incorrect predictions. This poses significant risks for deploying these models in real-world scenarios, especially in security-sensitive domains. Over time, attack methods have become more sophisticated, prompting the development of various defense mechanisms to strengthen model robustness against these threats. A subset of defensive strategies leverages generative models to enhance robustness, as these models can recover clean images from adversarial ones. Among these generative models, energy-based models (EBMs), despite the emergence of newer alternatives, remain relevant due to their unique advantages. EBMs can be used to purify adversarial examples, thereby bolstering the resilience of deep learning models. Our proposed method utilizes adversarial examples during model training by explicitly treating them as points to minimize probability. Additionally, we train an energy-based model using different approach from prior works on image purification. These improvements, combined with other adjustments, resulted in final accuracies of 86.89%, 75.21%, and 42.41% on the MNIST, FashionMNIST, and CIFAR10 datasets, respectively, where accuracy had previously dropped to zero due to attacks. These accuracies reflect improvements of 10.52%, 20.48%, and 7.89% after adversarial training compared to models without such training on the respective datasets. This model training approach using adversarial data was tested on one of the advanced purification methods based on an energy-based model, resulting in a 1.1% improvement in final accuracy under identical conditions on the CIFAR-10 dataset. Finally, we designed an attack targeting the robust structure and analyzed the unique characteristics of adversarial examples for these fortified models. Notably, our proposed method was fully capable of countering this attack, further demonstrating its effectiveness
  9. Keywords:
  10. Reliability ; Adversarial Attacks ; Deep Learning ; Generative Models ; Image Purification ; Energy Based Models

 Digital Object List

 Bookmark

...see more