摘要
本研究探讨了基于随机竞争机制的激活函数——即随机局部 Winner-Takes-All(LWTA)——在抵御强大(基于梯度的)白盒与黑盒对抗攻击方面的潜力,尤其聚焦于对抗训练(Adversarial Training)场景。在本工作中,我们用由局部且随机竞争的线性单元构成的模块,替代传统的基于ReLU的非线性激活函数。由此,网络每一层的输出变为稀疏表示,其具体形式取决于各模块内“胜者采样”结果。训练与推理过程基于变分贝叶斯(Variational Bayesian)框架进行,并引入传统的基于PGD的对抗训练策略,以进一步提升模型整体的对抗鲁棒性。实验结果表明,所提出的网络在面对强大对抗攻击时展现出当前最先进的鲁棒性,同时在正常(良性)输入下仍保持极高的分类准确率。
代码仓库
基准测试
| 基准 | 方法 | 指标 |
|---|---|---|
| adversarial-defense-on-cifar-10 | Ours (Stochastic-LWTA/PGD/WideResNet-34-1) | Accuracy: 81.87 Attack: AutoAttack: 74.71 |
| adversarial-defense-on-cifar-10 | Stochastic-LWTA/PGD/WideResNet-34-10 | Accuracy: 84.3 Attack: AutoAttack: 82.6 |
| adversarial-defense-on-cifar-10 | Ours (Stochastic-LWTA/PGD/WideResNet-34-5) | Accuracy: 83.4 |
| adversarial-defense-on-cifar-10 | Stochastic-LWTA/PGD/WideResNet-34-5 | Attack: AutoAttack: 81.22 |
| adversarial-robustness-on-cifar-10 | Stochastic-LWTA/PGD/WideResNet-34-10 | Accuracy: 92.26 Attack: AutoAttack: 82.6 Robust Accuracy: 84.3 |
| adversarial-robustness-on-cifar-10 | Stochastic-LWTA/PGD/WideResNet-34-5 | Accuracy: 91.88 Attack: AutoAttack: 81.22 Robust Accuracy: 83.4 |