Paper title

Diverse Knowledge Distillation (DKD): A Solution for Improving the Robustness of Ensemble Models Against Adversarial Attacks

Paper authors

Ali Mirzaeian, Jana Kosecka, Houman Homayoun, Tinoosh Mohsenin, Avesta Sasan

Abstract

This paper proposes an ensemble learning model that is resistant to adversarial attacks. To build resilience, we introduced a training process in which each member learns a radically distinct latent space. Member models are added one at a time to the ensemble. Simultaneously, the loss function is regulated by a reverse knowledge distillation, forcing the new member to learn different features and map to a latent space safely distanced from those of the existing members. We assessed the security and performance of the proposed solution on image classification tasks using the CIFAR10 and MNIST datasets and showed security and performance improvements compared to state-of-the-art defense methods.
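The sequential training procedure described in the abstract, as an added toy example in pure Python (this is not the authors' code, which is not on this page). Each member is a 2-D linear encoder with a logistic readout; members are added one at a time, and a new member minimises its task loss plus a diversity penalty. The penalty is assumed here to be the mean squared cosine similarity between the new member's latent codes and every existing member's codes on the same inputs, standing in for the paper's reverse knowledge distillation term, whose exact form the abstract does not give. The toy data, the encoder architecture and all hyperparameters are constructed for the example.

```python
"""Toy sequential ensemble with a diversity (reverse-KD style) penalty.

Illustrative re-implementation, not the paper's code. Each member has
parameters (w00, w01, w10, w11, v0, v1): a 2x2 encoder W producing the
latent z = W x, and a logistic readout v on z. A new member is trained on
task_loss + lam * diversity_penalty, where the penalty (an assumption) is
the mean squared cosine similarity between its latents and the latents of
every member already in the ensemble, for the same inputs.
"""
import math

# Constructed, linearly separable 2-D toy data (label = 1 iff x0 + x1 > 0).
X = [(1.0, 0.5), (0.8, 1.2), (1.5, -0.3), (0.2, 1.0), (-0.5, 1.4), (1.3, 1.1),
     (-1.0, -0.5), (-0.8, -1.2), (-1.5, 0.3), (-0.2, -1.0), (0.5, -1.4), (-1.3, -1.1)]
Y = [1 if x0 + x1 > 0 else 0 for x0, x1 in X]


def encode(params, x):
    """Latent code z = W x of one member."""
    w00, w01, w10, w11 = params[:4]
    return (w00 * x[0] + w01 * x[1], w10 * x[0] + w11 * x[1])


def predict_prob(params, x):
    """Probability of class 1 from the member's readout on its latent code."""
    z = encode(params, x)
    logit = params[4] * z[0] + params[5] * z[1]
    return 1.0 / (1.0 + math.exp(-logit))


def task_loss(params):
    """Mean binary cross-entropy of the member on the toy data."""
    eps = 1e-12
    total = 0.0
    for x, y in zip(X, Y):
        p = min(max(predict_prob(params, x), eps), 1 - eps)
        total -= y * math.log(p) + (1 - y) * math.log(1 - p)
    return total / len(X)


def cos2(a, b):
    """Squared cosine similarity: 1 for (anti)parallel vectors, 0 for orthogonal."""
    na, nb = math.hypot(*a), math.hypot(*b)
    if na == 0 or nb == 0:
        return 0.0
    c = (a[0] * b[0] + a[1] * b[1]) / (na * nb)
    return c * c


def diversity_penalty(params, members):
    """Mean squared cosine similarity to the existing members' latents (assumed form)."""
    if not members:
        return 0.0
    total = 0.0
    for m in members:
        for x in X:
            total += cos2(encode(params, x), encode(m, x))
    return total / (len(members) * len(X))


def total_loss(params, members, lam):
    """Task loss regulated by the diversity term, as in the sequential procedure."""
    return task_loss(params) + lam * diversity_penalty(params, members)


def train_member(init, members, lam, steps=800, lr=0.05, h=1e-5):
    """Plain gradient descent with central-difference gradients (6 parameters only)."""
    params = list(init)
    for _ in range(steps):
        grad = []
        for i in range(len(params)):
            up, dn = params[:], params[:]
            up[i] += h
            dn[i] -= h
            grad.append((total_loss(up, members, lam) - total_loss(dn, members, lam)) / (2 * h))
        params = [p - lr * g for p, g in zip(params, grad)]
    return params


def accuracy(params):
    """Fraction of toy points the member classifies correctly."""
    correct = sum((predict_prob(params, x) > 0.5) == (y == 1) for x, y in zip(X, Y))
    return correct / len(X)


def build_ensemble(lam=1.0):
    """Add members one at a time; each new member is trained against those before it."""
    inits = [
        [1.0, 0.0, 0.0, 1.0, 0.1, 0.1],    # member 1: identity encoder
        [1.0, 0.3, -0.3, 1.0, 0.1, 0.1],   # member 2: slightly rotated start
    ]
    members = []
    for init in inits:
        members.append(train_member(init, members, lam))
    return members


if __name__ == "__main__":
    regulated = build_ensemble(lam=1.0)
    unregulated = build_ensemble(lam=0.0)
    print("accuracy per member:", [accuracy(m) for m in regulated])
    print("latent alignment with diversity term:", round(diversity_penalty(regulated[1], regulated[:1]), 3))
    print("latent alignment without it:", round(diversity_penalty(unregulated[1], unregulated[:1]), 3))
```

Running the block trains the two-member ensemble twice, once with the diversity term and once without. With the term, the second member's latent codes end up close to orthogonal to the first member's while every toy point is still classified correctly; without it they stay nearly parallel, which is the regime in which a perturbation that moves one member's latent code also moves the other's.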
