The investigation of robustness differences for variously-sized models in adversarial attacks and defense

Boyang Shen

doi:10.1117/12.3027117

1 April 2024 The investigation of robustness differences for variously-sized models in adversarial attacks and defense

Boyang Shen

Proceedings Volume 13077, Fourth International Conference on Signal Processing and Machine Learning (CONF-SPML 2024); 1307709 (2024) https://doi.org/10.1117/12.3027117
Event: 4th International Conference on Signal Processing and Machine Learning (CONF-SPML 2024), 2024, Chicago, IL, United States

Abstract

Adversarial attacks and defenses are central in deep learning, with various attack methods and defense strategies, including adversarial training, proposed over the years. However, limited research has examined the differences in robustness across models of different sizes. This study seeks to explore these robustness variations through the application of multiple attack methods and attention visualization techniques on four prominent models: VGG16, ResNet18, GoogleNet, and Vision Transformers, employing four popular adversarial attack methods—Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Carlini-Wagner (CW). Plain adversarial training was used as a defense mechanism. By comparing the resulting changes and discrepancies in correctness, a notable decrease is observed in the robustness of larger models compared to smaller ones after applying this defense strategy. This phenomenon is likely associated with the distinct feature extraction approaches employed by the larger model and its reduced training efficiency. From a practical standpoint, it is advisable to prioritize the use of smaller models in real-world applications. Additionally, techniques like knowledge distillation can be considered to enhance the correctness of smaller models while minimizing computational resource requirements.

(2024) Published by SPIE. Downloading of the abstract is permitted for personal use only.

Citation Download Citation

Boyang Shen "The investigation of robustness differences for variously-sized models in adversarial attacks and defense", Proc. SPIE 13077, Fourth International Conference on Signal Processing and Machine Learning (CONF-SPML 2024), 1307709 (1 April 2024); https://doi.org/10.1117/12.3027117

ACCESS THE FULL ARTICLE

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members: $17.00

Non-members: $21.00 ADD TO CART

PROCEEDINGS
9 PAGES

DOWNLOAD PAPER SAVE TO MY LIBRARY

GET CITATION

RIGHTS & PERMISSIONS

Get copyright permission Get copyright permission on Copyright Marketplace

KEYWORDS

Education and training

Defense and security

Visual process modeling

RGB color model

Feature extraction

Performance modeling

Data modeling

Show All Keywords

Keywords/Phrases

Search In:

Publication Years