Skip to main content
SpringerLink
Log in

GAN-Based Fusion Adversarial Training

  • Conference paper
  • First Online:
Knowledge Science, Engineering and Management (KSEM 2022)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 13370))

  • 1857 Accesses

Abstract

In the field of artificial intelligence security, adversarial machine learning has made breakthroughs. However, it is still vulnerable to attacks under a wide variety of adversarial samples, and adversarial training is a very effective method against a wide variety of adversarial sample attacks. However, adversarial training tends to improve the accuracy of the adversarial samples while reducing the accuracy of the original samples. Thus, the robustness of adversarial training is greatly reduced. In order to improve the robustness of adversarial training, this paper proposes a fusion adversarial training model based on Generate adversarial network (GAN), which is applied to the adversarial training process, and this unsupervised learning framework can better learn the distribution of samples to generate high-quality samples. By controlling the proportion of different training losses, we improve the classification accuracy of the adversarial training model while maintaining the relatively high accuracy of the model for the original samples, thus greatly improving the robustness of the adversarial training model. In this paper, we conduct experiments based on the Fashion-MNIST and CIFAR10 datasets, and the results show that our model has high accuracy on both the original and adversarial samples for both grayscale and color maps.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Zhang, Z., Cui, P., Zhu, W.: Deep learning on graphs: a survey. IEEE Trans. Knowl. Data Eng. (2020)

    Google Scholar 

  2. Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 62–79. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_4

    Chapter  Google Scholar 

  3. Qiu, H., Qiu, M., Lu, Z.: Selective encryption on ecg data in body sensor network based on supervised machine learning. Inf. Fusion 55, 59–67 (2020)

    Article  Google Scholar 

  4. Qiu, M., Zhang, L., Ming, Z., Chen, Z., Qin, X., Yang, L.T.: Security-aware optimization for ubiquitous computing systems with seat graph approach. J. Comput. Syst. Sci. 79(5), 518–529 (2013)

    Article  MathSciNet  Google Scholar 

  5. Qiu, M., Gai, K., Xiong, Z.: Privacy-preserving wireless communications using bipartite matching in social big data. Future Gener. Comput. Syst. 87, 772–781 (2018)

    Article  Google Scholar 

  6. Qin, Y., Carlini, N., Cottrell, G., Goodfellow, I., Raffel. C.: Imperceptible, robust, and targeted adversarial examples for automatic speech recognition. In: International Conference on Machine Learning, pp. 5231–5240. PMLR (2019)

    Google Scholar 

  7. Lu, J., Sibai, H., Fabry, E.: Adversarial examples that fool detectors. arXiv preprint arXiv:1712.02494 (2017)

  8. Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1528–1540 (2016)

    Google Scholar 

  9. Goodfellow, I.J., Shlens, J., Szegedy C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)

  10. Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, vol. 27 (2014)

    Google Scholar 

  11. Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 248–255. IEEE (2009)

    Google Scholar 

  12. Nadkarni, P.M., Ohno-Machado, L., Chapman, W.W.: Natural language processing: an introduction. J. Am. Med. Inform. Assoc. 18(5), 544–551 (2011)

    Article  Google Scholar 

  13. Szegedy, C., et al.: Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013)

  14. Dong, Y., et al.: Boosting adversarial attacks with momentum. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 9185–9193 (2018)

    Google Scholar 

  15. Athalye, A., Engstrom, L., Ilyas, A., Kwok, K.: Synthesizing robust adversarial examples. In: International Conference on Machine Learning, pp. 284–293. PMLR (2018)

    Google Scholar 

  16. Ghahramani, Z.: Unsupervised learning. In: Bousquet, O., von Luxburg, U., Rätsch, G. (eds.) ML -2003. LNCS (LNAI), vol. 3176, pp. 72–112. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28650-9_5

    Chapter  MATH  Google Scholar 

  17. Xiao, C., Li, B., Zhu, J.Y., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. arXiv preprint arXiv:1801.02610 (2018)

  18. Zhang, H., Yu, Y., Jiao, J., Xing, E., El Ghaoui, L., Jordan, M.: Theoretically principled trade-off between robustness and accuracy. In: International Conference on Machine Learning, pp. 7472–7482. PMLR. (2019)

    Google Scholar 

  19. Carlini, N., et al.: On evaluating adversarial robustness. arXiv preprint arXiv:1902.06705 (2019)

  20. Xiao, H., Rasul, K., Vollgraf, R.: Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. arXiv preprint arXiv:1708.07747 (2017)

  21. Krizhevsky, A., Hinton, G., et al.: Learning multiple layers of features from tiny images (2009)

    Google Scholar 

  22. Louizos, C., Swersky, K., Li, Y., Welling, M., Zemel, R.: The variational fair autoencoder. arXiv preprint arXiv:1511.00830 (2015)

  23. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)

    Google Scholar 

  24. Sudre, C.H., Li, W., Vercauteren, T., Ourselin, S., Jorge Cardoso, M.: Generalised dice overlap as a deep learning loss function for highly unbalanced segmentations. In: Cardoso, M.J., et al. (eds.) DLMIA/ML-CDS -2017. LNCS, vol. 10553, pp. 240–248. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-67558-9_28

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Software, Yunnan University, Kunming, Yunnan, China

    Yifan Cao, Ying Lin, Shengfu Ning, Huan Pi, Junyuan Zhang & Jianpeng Hu

  2. Key Laboratory in Software Engineering of Yunnan Province, Kunming, China

    Ying Lin

Authors
  1. Yifan Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ying Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shengfu Ning
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Huan Pi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Junyuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jianpeng Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ying Lin .

Editor information

Editors and Affiliations

  1. Télécom Paris, Paris, France

    Gerard Memmi

  2. Purdue University, West Lafayette, IN, USA

    Baijian Yang

  3. Shanghai Jiao Tong University, Shanghai, Shanghai, China

    Linghe Kong

  4. Nanyang Technological University, Singapore, Singapore

    Tianwei Zhang

  5. Texas A&M University – Commerce, Commerce, TX, USA

    Meikang Qiu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cao, Y., Lin, Y., Ning, S., Pi, H., Zhang, J., Hu, J. (2022). GAN-Based Fusion Adversarial Training. In: Memmi, G., Yang, B., Kong, L., Zhang, T., Qiu, M. (eds) Knowledge Science, Engineering and Management. KSEM 2022. Lecture Notes in Computer Science(), vol 13370. Springer, Cham. https://doi.org/10.1007/978-3-031-10989-8_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10989-8_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10988-1

  • Online ISBN: 978-3-031-10989-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation