Report Open Access

Hypespherical class prototypes for adversarial robustness

Mygdalis Vasileios; Ioannis Pitas

MARC21 XML Export

<?xml version='1.0' encoding='UTF-8'?>
<record xmlns="">
  <controlfield tag="005">20210726134827.0</controlfield>
  <controlfield tag="001">5137295</controlfield>
  <datafield tag="700" ind1=" " ind2=" ">
    <subfield code="u">Aristoteleio Panepistimio Thessalonikis</subfield>
    <subfield code="a">Ioannis Pitas</subfield>
  </datafield>
  <datafield tag="856" ind1="4" ind2=" ">
    <subfield code="s">407044</subfield>
    <subfield code="z">md5:b7ffd74afeaba3c12e2fc7b408567085</subfield>
    <subfield code="u"> class prototypes for adversarial robustness_.pdf</subfield>
  </datafield>
  <datafield tag="542" ind1=" " ind2=" ">
    <subfield code="l">open</subfield>
  </datafield>
  <datafield tag="260" ind1=" " ind2=" ">
    <subfield code="c">2021-07-26</subfield>
  </datafield>
  <datafield tag="909" ind1="C" ind2="O">
    <subfield code="p">openaire</subfield>
    <subfield code="o"></subfield>
  </datafield>
  <datafield tag="100" ind1=" " ind2=" ">
    <subfield code="u">Aristoteleio Panepistimio Thessalonikis</subfield>
    <subfield code="a">Mygdalis Vasileios</subfield>
  </datafield>
  <datafield tag="245" ind1=" " ind2=" ">
    <subfield code="a">Hypespherical class prototypes for adversarial robustness</subfield>
  </datafield>
  <datafield tag="536" ind1=" " ind2=" ">
    <subfield code="c">951911</subfield>
    <subfield code="a">A European Excellence Centre for Media, Society and Democracy</subfield>
  </datafield>
  <datafield tag="540" ind1=" " ind2=" ">
    <subfield code="u"></subfield>
    <subfield code="a">Creative Commons Attribution 4.0 International</subfield>
  </datafield>
  <datafield tag="650" ind1="1" ind2="7">
    <subfield code="a">cc-by</subfield>
    <subfield code="2"></subfield>
  </datafield>
  <datafield tag="520" ind1=" " ind2=" ">
    <subfield code="a">&lt;pre&gt;This work addresses the problem of adversarial robustness in deep neural network classification from an optimal class boundary estimation perspective. It is argued that increased model robustness to adversarial attacks can be achieved when the feature learning process is monitored by geometrically-inspired optimization criteria. To this end, we propose to learn hyperspherical class prototypes in the neural feature embedding space, along with training the network parameters. Three concurrent optimization functions for the intermediate hidden layer training data activations are devised, requiring items of the same class to be enclosed by the corresponding class prototype boundaries, to have minimum distance from their class prototype vector (i.e., hypersphere center) and to have maximum distance from the remainder hypersphere centers. Our experiments show that training standard classification model architectures with the proposed objectives, significantly increases their robustness to white-box adversarial attacks, without adverse (if not beneficial) effects to their classification accuracy.&lt;/pre&gt;</subfield>
  </datafield>
  <datafield tag="773" ind1=" " ind2=" ">
    <subfield code="n">doi</subfield>
    <subfield code="i">isVersionOf</subfield>
    <subfield code="a">10.5281/zenodo.5137294</subfield>
  </datafield>
  <datafield tag="024" ind1=" " ind2=" ">
    <subfield code="a">10.5281/zenodo.5137295</subfield>
    <subfield code="2">doi</subfield>
  </datafield>
  <datafield tag="980" ind1=" " ind2=" ">
    <subfield code="a">publication</subfield>
    <subfield code="b">report</subfield>
  </datafield>
</record>