Improving adversarial robustness of traffic sign image recognition networks
(2022) In Displays 74.- Abstract
- The robustness of deep neural networks is an increasingly essential issue as they become more and more prevalent in several real-world applications like autonomous vehicles. If traffic signs turn to adversarial examples, an autonomous vehicle will probably be misled and cause fatal accidents. To improve adversarial robustness, a new cost function for training convolutional neural recognition networks is proposed in this paper. Recent works proved that by employing the classifier probabilities on the complement (incorrect) classes as well as the ground-truth class in Softmax Cross Entropy, the model achieves better performance on adversarial inputs. In this paper, we show that in addition to using the information from Softmax layer, the... (More)
- The robustness of deep neural networks is an increasingly essential issue as they become more and more prevalent in several real-world applications like autonomous vehicles. If traffic signs turn to adversarial examples, an autonomous vehicle will probably be misled and cause fatal accidents. To improve adversarial robustness, a new cost function for training convolutional neural recognition networks is proposed in this paper. Recent works proved that by employing the classifier probabilities on the complement (incorrect) classes as well as the ground-truth class in Softmax Cross Entropy, the model achieves better performance on adversarial inputs. In this paper, we show that in addition to using the information from Softmax layer, the extracted features from convolutional layers also enhance the robustness. In our new cost function, Regularized Guided Complement Entropy (RGCE), by decreasing the output of convolutional layers’ activation functions alongside utilizing Softmax layer output in training phase, we reach better model performance on adversarial attacks. Our proposed algorithm is evaluated on CIFAR-10 and GTSRB datasets. The performances of different convolutional neural networks on clean and adversarial images are reported and compared with other methods. (Less)
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/5192a675-0dcb-427f-82c1-de49e905b351
- author
- Hashemi, Atiye Sadat LU ; Mozaffari, Saeed and Alirezaee, Shahpour
- publishing date
- 2022
- type
- Contribution to journal
- publication status
- published
- in
- Displays
- volume
- 74
- article number
- 102277
- external identifiers
-
- scopus:85135516728
- DOI
- 10.1016/j.displa.2022.102277
- language
- English
- LU publication?
- no
- id
- 5192a675-0dcb-427f-82c1-de49e905b351
- date added to LUP
- 2025-01-31 14:03:09
- date last changed
- 2025-02-03 08:23:00
@article{5192a675-0dcb-427f-82c1-de49e905b351,
abstract = {{The robustness of deep neural networks is an increasingly essential issue as they become more and more prevalent in several real-world applications like autonomous vehicles. If traffic signs turn to adversarial examples, an autonomous vehicle will probably be misled and cause fatal accidents. To improve adversarial robustness, a new cost function for training convolutional neural recognition networks is proposed in this paper. Recent works proved that by employing the classifier probabilities on the complement (incorrect) classes as well as the ground-truth class in Softmax Cross Entropy, the model achieves better performance on adversarial inputs. In this paper, we show that in addition to using the information from Softmax layer, the extracted features from convolutional layers also enhance the robustness. In our new cost function, Regularized Guided Complement Entropy (RGCE), by decreasing the output of convolutional layers’ activation functions alongside utilizing Softmax layer output in training phase, we reach better model performance on adversarial attacks. Our proposed algorithm is evaluated on CIFAR-10 and GTSRB datasets. The performances of different convolutional neural networks on clean and adversarial images are reported and compared with other methods.}},
author = {{Hashemi, Atiye Sadat and Mozaffari, Saeed and Alirezaee, Shahpour}},
language = {{eng}},
series = {{Displays}},
title = {{Improving adversarial robustness of traffic sign image recognition networks}},
url = {{http://dx.doi.org/10.1016/j.displa.2022.102277}},
doi = {{10.1016/j.displa.2022.102277}},
volume = {{74}},
year = {{2022}},
}