Despite its great success, deep learning suffers severely from a lack of robustness; i.e., deep neural networks are very vulnerable to adversarial attacks, even the simplest ones. Inspired by recent advances in brain science, we propose the denoised internal models (DIM), a novel generative autoencoder-based model to tackle this challenge. Simulating the pipeline in the human brain for visual signal processing, DIM adopts a two-stage approach. In the first stage, DIM uses a denoiser to reduce the noise and the dimensions of inputs, reflecting the information pre-processing in the thalamus. Inspired by the sparse coding of memory-related traces in the primary visual cortex, the second stage produces a set of internal models, one for each category. We evaluate DIM over 42 adversarial attacks, showing that DIM effectively defends against all the attacks and outperforms the SOTA on the overall robustness on the MNIST (Modified National Institute of Standards and Technology) dataset.
Funding: supported by the Science and Technology Innovation 2030 Project of China (Nos. 2021ZD02023501 and 2021ZD0202600), National Science Foundation of China (NSFC) (Nos. 31970903, 31671104, 31371059 and 32225023), Shanghai Ministry of Science and Technology (No. 19ZR1477400), NSFC and the German Research Foundation (DFG) in Project Crossmodal Learning (No. 62061136001/TRR-169).