Page 227 - Ruan Jian Xue Bao/Journal of Software, 2025, Issue 5

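Wang Yimin et al.: A label screening method for the trade-off between generalization and robustness of convolutional neural networks    2127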


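a relatively high value of $\lambda_A$ can be chosen and $\lambda_T$ set to 0, that is, training the ALWR model. For tasks that need to trade off generalization against robustness, we recommend a $\lambda_A$ value of around 0.1 while keeping $\lambda_T/\lambda_A$ between 0.01 and 0.1.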

5   Conclusion and Future Work

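Training a model that is both generalizable and robust has long been an important goal in adversarial learning. The label-screening weight-parameter regularization method proposed in this paper uses the label information of clean samples and adversarial samples to screen the weight parameters that play an important role in the model's decision process, and optimizes these weight parameters through regularization to improve model performance. Theoretical analysis and experiments show that, compared with other robust model training methods, this method performs better at trading off a model's generalization against its robustness. A series of ablation experiments also shows that the method can be analyzed specifically for a given learning task, so that a model better suited to the target scenario can be trained. In future work, we will examine in more detail how the parameters in the proposed method change, dynamically adjust the hyperparameters according to the relationships among the values of the regularization terms, try to combine the proposed method with other models, and run experiments on more complex datasets, in order to give a more reasonable, efficient and practical scheme for trading off model performance.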
