  • ZHANG Wei, YI Ping. A Robust Transfer Method of Neural Network based on Knowledge Distillation[J]. Journal of Cyber Security, 2021, 6(4): 60-71
A Robust Transfer Method of Neural Network based on Knowledge Distillation
ZHANG Wei, YI Ping
(School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China)
In recent years, neural networks have shown very strong performance in many fields, but researchers have found that adding imperceptible perturbations to the input can change a neural network's decision. Such inputs are called adversarial examples. At present, the most common defense against adversarial examples is adversarial training, but its training cost is very high. We propose a knowledge distillation scheme (Robust-KD) that combines feature map and Jacobian matrix constraints. By transferring robust features from a robust network, we obtain considerable white-box defense capability at relatively low training cost. We conducted extensive experiments on the CIFAR-10, CIFAR-100 and ImageNet datasets, and the results demonstrate the effectiveness of the scheme. Even under a very powerful white-box attack, our model retains good classification accuracy.
Key words:  adversarial examples  model robustness  transfer learning  knowledge distillation