Climate models are vital for understanding and projecting global climate change and its associated impacts. However, these models suffer from biases that limit their accuracy in historical simulations and the trustworthiness of future projections. Addressing these challenges requires addressing internal variability, hindering the direct alignment between model simulations and observations, and thwarting conventional supervised learning methods. Here, we employ an unsupervised Cycle-consistent Generative Adversarial Network (CycleGAN), to correct daily Sea Surface Temperature (SST) simulations from the Community Earth System Model 2 (CESM2). Our results reveal that the CycleGAN not only corrects climatological biases but also improves the simulation of major dynamic modes including the El Niño-Southern Oscillation (ENSO) and the Indian Ocean Dipole mode, as well as SST extremes. Notably, it substantially corrects climatological SST biases, decreasing the globally averaged Root-Mean-Square Error (RMSE) by 58%. Intriguingly, the CycleGAN effectively addresses the well-known excessive westward bias in ENSO SST anomalies, a common issue in climate models that traditional methods, like quantile mapping, struggle to rectify. Additionally, it substantially improves the simulation of SST extremes, raising the pattern correlation coefficient (PCC) from 0.56 to 0.88 and lowering the RMSE from 0.5 to 0.32. This enhancement is attributed to better representations of interannual, intraseasonal, and synoptic scales variabilities. Our study offers a novel approach to correct global SST simulations and underscores its effectiveness across different time scales and primary dynamical modes.
Landslides are destructive natural disasters that cause catastrophic damage and loss of life worldwide. Accurately predicting landslide displacement enables effective early warning and risk management. However, the limited availability of on-site measurement data has been a substantial obstacle in developing data-driven models, such as state-of-the-art machine learning (ML) models. To address these challenges, this study proposes a data augmentation framework that uses generative adversarial networks (GANs), a recent advance in generative artificial intelligence (AI), to improve the accuracy of landslide displacement prediction. The framework provides effective data augmentation to enhance limited datasets. A recurrent GAN model, RGAN-LS, is proposed, specifically designed to generate realistic synthetic multivariate time series that mimics the characteristics of real landslide on-site measurement data. A customized moment-matching loss is incorporated in addition to the adversarial loss in GAN during the training of RGAN-LS to capture the temporal dynamics and correlations in real time series data. Then, the synthetic data generated by RGAN-LS is used to enhance the training of long short-term memory (LSTM) networks and particle swarm optimization-support vector machine (PSO-SVM) models for landslide displacement prediction tasks. Results on two landslides in the Three Gorges Reservoir (TGR) region show a significant improvement in LSTM model prediction performance when trained on augmented data. For instance, in the case of the Baishuihe landslide, the average root mean square error (RMSE) increases by 16.11%, and the mean absolute error (MAE) by 17.59%. More importantly, the model’s responsiveness during mutational stages is enhanced for early warning purposes. However, the results have shown that the static PSO-SVM model only sees marginal gains compared to recurrent models such as LSTM. Further analysis indicates that an optimal synthetic-to-real data ratio (50% on the illustration cases) maximizes the improvements. This also demonstrates the robustness and effectiveness of supplementing training data for dynamic models to obtain better results. By using the powerful generative AI approach, RGAN-LS can generate high-fidelity synthetic landslide data. This is critical for improving the performance of advanced ML models in predicting landslide displacement, particularly when there are limited training data. Additionally, this approach has the potential to expand the use of generative AI in geohazard risk management and other research areas.
Mechanically cleaved two-dimensional materials are random in size and thickness. Recognizing atomically thin flakes by human experts is inefficient and unsuitable for scalable production. Deep learning algorithms have been adopted as an alternative, nevertheless a major challenge is a lack of sufficient actual training images. Here we report the generation of synthetic two-dimensional materials images using StyleGAN3 to complement the dataset. DeepLabv3Plus network is trained with the synthetic images which reduces overfitting and improves recognition accuracy to over 90%. A semi-supervisory technique for labeling images is introduced to reduce manual efforts. The sharper edges recognized by this method facilitate material stacking with precise edge alignment, which benefits exploring novel properties of layered-material devices that crucially depend on the interlayer twist-angle. This feasible and efficient method allows for the rapid and high-quality manufacturing of atomically thin materials and devices.
Neutron radiography is a crucial nondestructive testing technology widely used in the aerospace, military, and nuclear industries. However, because of the physical limitations of neutron sources and collimators, the resulting neutron radiographic images inevitably exhibit multiple distortions, including noise, geometric unsharpness, and white spots. Furthermore, these distortions are particularly significant in compact neutron radiography systems with low neutron fluxes. Therefore, in this study, we devised a multi-distortion suppression network that employs a modified generative adversarial network to improve the quality of degraded neutron radiographic images. Real neutron radiographic image datasets with various types and levels of distortion were built for the first time as multi-distortion suppression datasets. Thereafter, the coordinate attention mechanism was incorporated into the backbone network to augment the capability of the proposed network to learn the abstract relationship between ideally clear and degraded images. Extensive experiments were performed; the results show that the proposed method can effectively suppress multiple distortions in real neutron radiographic images and achieve state-of-the-art perceptual visual quality, thus demonstrating its application potential in neutron radiography.
In this paper, we study the covert performance of the downlink low earth orbit (LEO) satellite communication, where the unmanned aerial vehicle (UAV) is employed as a cooperative jammer. To maximize the covert rate of the LEO satellite transmission, a multi-objective problem is formulated to jointly optimize the UAV’s jamming power and trajectory. For practical consideration, we assume that the UAV can only have partial environmental information, and can’t know the detection threshold and exact location of the eavesdropper on the ground. To solve the multiobjective problem, we propose the data-driven generative adversarial network (DD-GAN) based method to optimize the power and trajectory of the UAV, in which the sample data is collected by using genetic algorithm (GA). Simulation results show that the jamming solution of UAV generated by DD-GAN can achieve an effective trade-off between covert rate and probability of detection errors when only limited prior information is obtained.
Accurate quantification of the uncertainty in the mechanical characteristics of dielectric solids is crucial for advancing their application in high-precision technological domains, necessitating the development of robust computational methods. This paper introduces a Conditional Generation Adversarial Network Isogeometric Analysis (CGAN-IGA) to assess the uncertainty of dielectric solids’ mechanical characteristics. IGA is utilized for the precise computation of electric potentials in dielectric, piezoelectric, and flexoelectric materials, leveraging its advantage of integrating seamlessly with Computer-Aided Design (CAD) models to maintain exact geometrical fidelity. The CGAN method is highly efficient in generating models for piezoelectric and flexoelectric materials, specifically adapting to targeted design requirements and constraints. Then, the CGAN-IGA is adopted to calculate the electric potential of optimum models with different parameters to accelerate uncertainty quantification processes. The accuracy and feasibility of this method are verified through numerical experiments presented herein.
Robot calligraphy visually reflects the motion capability of robotic manipulators. While traditional researches mainly focus on image generation and the writing of simple calligraphic strokes or characters, this article presents a generative adversarial network (GAN)-based motion learning method for robotic calligraphy synthesis (Gan2CS) that can enhance the efficiency in writing complex calligraphy words and reproducing classic calligraphy works. The key technologies in the proposed approach include: (1) adopting the GAN to learn the motion parameters from the robot writing operation; (2) converting the learnt motion data into the style font and realising the transition from static calligraphy images to dynamic writing demonstration; (3) reproducing high-precision calligraphy works by synthesising the writing motion data hierarchically. In this study, the motion trajectories of sample calligraphy images are firstly extracted and converted into the robot module. The robot performs the writing with motion planning, and the writing motion parameters of calligraphy strokes are learnt with GANs. Then the motion data of basic strokes is synthesised based on the hierarchical process of ‘stroke-radical-part-character’. And the robot re-writes the synthesised characters whose similarity with the original calligraphy characters is evaluated. Regular calligraphy characters have been tested in the experiments for method validation and the results validated that the robot can actualise the robotic calligraphy synthesis of writing motion data with GAN.
Readout errors caused by measurement noise are a significant source of errors in quantum circuits, which severely affect the output results and are an urgent problem to be solved in noisy-intermediate scale quantum (NISQ) computing. In this paper, we use the bit-flip averaging (BFA) method to mitigate frequent readout errors in quantum generative adversarial networks (QGAN) for image generation, which simplifies the response matrix structure by averaging the qubits for each random bit-flip in advance, successfully solving problems with high cost of measurement for traditional error mitigation methods. Our experiments were simulated in Qiskit using the handwritten digit image recognition dataset under the BFA-based method, the Kullback-Leibler (KL) divergence of the generated images converges to 0.04, 0.05, and 0.1 for readout error probabilities of p=0.01, p=0.05, and p=0.1, respectively. Additionally, by evaluating the fidelity of the quantum states representing the images, we observe average fidelity values of 0.97, 0.96, and 0.95 for the three readout error probabilities, respectively. These results demonstrate the robustness of the model in mitigating readout errors and provide a highly fault tolerant mechanism for image generation models.
Structural damage in heterogeneous materials typically originates from microstructures where stress concentration occurs. Therefore, evaluating the magnitude and location of localized stress distributions within microstructures under external loading is crucial. Repeating unit cells (RUCs) are commonly used to represent microstructural details and homogenize the effective response of composites. This work develops a machine learning-based micromechanics tool to accurately predict the stress distributions of extracted RUCs. The locally exact homogenization theory efficiently generates the microstructural stresses of RUCs with a wide range of parameters, including volume fraction, fiber/matrix property ratio, fiber shapes, and loading direction. Subsequently, the conditional generative adversarial network (cGAN) is employed and constructed as a surrogate model to establish the statistical correlation between these parameters and the corresponding localized stresses. The stresses predicted by cGAN are validated against the remaining true data not used for training, showing good agreement. This work demonstrates that the cGAN-based micromechanics tool effectively captures the local responses of composite RUCs. It can be used for predicting potential crack initiations starting from microstructures and evaluating the effective behavior of periodic composites.
Network security problems bring many imperceptible threats to the integrity of data and the reliability of device services, so proposing a network intrusion detection model with high reliability is of great research significance for network security. Due to the strong generalization of invalid features during training process, it is more difficult for single autoencoder intrusion detection model to obtain effective results. A network intrusion detection model based on the Ensemble of Denoising Adversarial Autoencoder (EDAAE) was proposed, which had higher accuracy and reliability compared to the traditional anomaly detection model. Using the adversarial learning idea of Adversarial Autoencoder (AAE), the discriminator module was added to the original model, and the encoder part was used as the generator. The distribution of the hidden space of the data generated by the encoder matched with the distribution of the original data. The generalization of the model to the invalid features was also reduced to improve the detection accuracy. At the same time, the denoising autoencoder and integrated operation was introduced to prevent overfitting in the adversarial learning process. Experiments on the CICIDS2018 traffic dataset showed that the proposed intrusion detection model achieves an Accuracy of 95.23%, which outperforms traditional self-encoders and other existing intrusion detection models methods in terms of overall performance.
Early and timely diagnosis of stroke is critical for effective treatment, and the electroencephalogram (EEG) offers a low-cost, non-invasive solution. However, the shortage of high-quality patient EEG data often hampers the accuracy of diagnostic classification methods based on deep learning. To address this issue, our study designed a deep data amplification model named Progressive Conditional Generative Adversarial Network with Efficient Approximating Self Attention (PCGAN-EASA), which incrementally improves the quality of generated EEG features. This network can yield full-scale, fine-grained EEG features from the low-scale, coarse ones. Specially, to overcome the limitations of traditional generative models that fail to generate features tailored to individual patient characteristics, we developed an encoder with an effective approximating self-attention mechanism. This encoder not only automatically extracts relevant features across different patients but also reduces the computational resource consumption. Furthermore, the adversarial loss and reconstruction loss functions were redesigned to better align with the training characteristics of the network and the spatial correlations among electrodes. Extensive experimental results demonstrate that PCGAN-EASA provides the highest generation quality and the lowest computational resource usage compared to several existing approaches. Additionally, it significantly improves the accuracy of subsequent stroke classification tasks.
In this study, an underwater image enhancement method based on multi-scale adversarial network was proposed to solve the problem of detail blur and color distortion in underwater images. Firstly, the local features of each layer were enhanced into the global features by the proposed residual dense block, which ensured that the generated images retain more details. Secondly, a multi-scale structure was adopted to extract multi-scale semantic features of the original images. Finally, the features obtained from the dual channels were fused by an adaptive fusion module to further optimize the features. The discriminant network adopted the structure of the Markov discriminator. In addition, by constructing mean square error, structural similarity, and perceived color loss function, the generated image is consistent with the reference image in structure, color, and content. The experimental results showed that the enhanced underwater image deblurring effect of the proposed algorithm was good and the problem of underwater image color bias was effectively improved. In both subjective and objective evaluation indexes, the experimental results of the proposed algorithm are better than those of the comparison algorithm.
This study addresses challenges in fetal magnetic resonance imaging (MRI) related to motion artifacts, maternal respiration, and hardware limitations. To enhance MRI quality, we employ deep learning techniques, specifically utilizing Cycle GAN. Synthetic pairs of images, simulating artifacts in fetal MRI, are generated to train the model. Our primary contribution is the use of Cycle GAN for fetal MRI restoration, augmented by artificially corrupted data. We compare three approaches (supervised Cycle GAN, Pix2Pix, and Mobile Unet) for artifact removal. Experimental results demonstrate that the proposed supervised Cycle GAN effectively removes artifacts while preserving image details, as validated through Structural Similarity Index Measure (SSIM) and normalized Mean Absolute Error (MAE). The method proves comparable to alternatives but avoids the generation of spurious regions, which is crucial for medical accuracy.
As modern communication technology advances apace, the digital communication signals identification plays an important role in cognitive radio networks, the communication monitoring and management systems. AI has become a promising solution to this problem due to its powerful modeling capability, which has become a consensus in academia and industry. However, because of the data-dependence and inexplicability of AI models and the openness of electromagnetic space, the physical layer digital communication signals identification model is threatened by adversarial attacks. Adversarial examples pose a common threat to AI models, where well-designed and slight perturbations added to input data can cause wrong results. Therefore, the security of AI models for the digital communication signals identification is the premise of its efficient and credible applications. In this paper, we first launch adversarial attacks on the end-to-end AI model for automatic modulation classification, and then we explain and present three defense mechanisms based on the adversarial principle. Next we present more detailed adversarial indicators to evaluate attack and defense behavior. Finally, a demonstration verification system is developed to show that the adversarial attack is a real threat to the digital communication signals identification model, which should be paid more attention in future research.
With the rapid development of deep learning-based detection algorithms, deep learning is widely used in the field of infrared small target detection. However, well-designed adversarial samples can fool human visual perception, directly causing a serious decline in the detection quality of the recognition model. In this paper, an adversarial defense technology for small infrared targets is proposed to improve model robustness. The adversarial samples with strong migration can not only improve the generalization of defense technology, but also save the training cost. Therefore, this study adopts the concept of maximizing multidimensional feature distortion, applying noise to clean samples to serve as subsequent training samples. On this basis, this study proposes an inverse perturbation elimination method based on Generative Adversarial Networks (GAN) to realize the adversarial defense, and design the generator and discriminator for infrared small targets, aiming to make both of them compete with each other to continuously improve the performance of the model, find out the commonalities and differences between the adversarial samples and the original samples. Through experimental verification, our defense algorithm is not only able to cope with multiple attacks but also performs well on different recognition models compared to commonly used defense algorithms, making it a plug-and-play efficient adversarial defense technique.
Adversarial distillation (AD) has emerged as a potential solution to tackle the challenging optimization problem of loss with hard labels in adversarial training. However, fixed sample-agnostic and student-egocentric attack strategies are unsuitable for distillation. Additionally, the reliability of guidance from static teachers diminishes as target models become more robust. This paper proposes an AD method called Learnable Distillation Attack Strategies and Evolvable Teachers Adversarial Distillation (LDAS&ET-AD). Firstly, a learnable distillation attack strategies generating mechanism is developed to automatically generate sample-dependent attack strategies tailored for distillation. A strategy model is introduced to produce attack strategies that enable adversarial examples (AEs) to be created in areas where the target model significantly diverges from the teachers by competing with the target model in minimizing or maximizing the AD loss. Secondly, a teacher evolution strategy is introduced to enhance the reliability and effectiveness of knowledge in improving the generalization performance of the target model. By calculating the experimentally updated target model’s validation performance on both clean samples and AEs, the impact of distillation from each training sample and AE on the target model’s generalization and robustness abilities is assessed to serve as feedback to fine-tune standard and robust teachers accordingly. Experiments evaluate the performance of LDAS&ET-AD against different adversarial attacks on the CIFAR-10 and CIFAR-100 datasets. The experimental results demonstrate that the proposed method achieves a robust precision of 45.39% and 42.63% against AutoAttack (AA) on the CIFAR-10 dataset for ResNet-18 and MobileNet-V2, respectively, marking an improvement of 2.31% and 3.49% over the baseline method. In comparison to state-of-the-art adversarial defense techniques, our method surpasses Introspective Adversarial Distillation, the top-performing method in terms of robustness under AA attack for the CIFAR-10 dataset, with enhancements of 1.40% and 1.43% for ResNet-18 and MobileNet-V2, respectively. These findings demonstrate the effectiveness of our proposed method in enhancing the robustness of deep learning networks (DNNs) against prevalent adversarial attacks when compared to other competing methods. In conclusion, LDAS&ET-AD provides reliable and informative soft labels to one of the most promising defense methods, AT, alleviating the limitations of untrusted teachers and unsuitable AEs in existing AD techniques. We hope this paper promotes the development of DNNs in real-world trust-sensitive fields and helps ensure a more secure and dependable future for artificial intelligence systems.
Antivirus vendors and the research community employ Machine Learning (ML) or Deep Learning (DL)-based static analysis techniques for efficient identification of new threats, given the continual emergence of novel malware variants. On the other hand, numerous researchers have reported that Adversarial Examples (AEs), generated by manipulating previously detected malware, can successfully evade ML/DL-based classifiers. Commercial antivirus systems, in particular, have been identified as vulnerable to such AEs. This paper firstly focuses on conducting black-box attacks to circumvent ML/DL-based malware classifiers. Our attack method utilizes seven different perturbations, including Overlay Append, Section Append, and Break Checksum, capitalizing on the ambiguities present in the PE format, as previously employed in evasion attack research. By directly applying the perturbation techniques to PE binaries, our attack method eliminates the need to grapple with the problem-feature space dilemma, a persistent challenge in many evasion attack studies. Being a black-box attack, our method can generate AEs that successfully evade both DL-based and ML-based classifiers. Also, AEs generated by the attack method retain their executability and malicious behavior, eliminating the need for functionality verification. Through thorough evaluations, we confirmed that the attack method achieves an evasion rate of 65.6% against well-known ML-based malware detectors and can reach a remarkable 99% evasion rate against well-known DL-based malware detectors. Furthermore, our AEs demonstrated the capability to bypass detection by 17% of vendors out of the 64 on VirusTotal (VT). In addition, we propose a defensive approach that utilizes Trend Locality Sensitive Hashing (TLSH) to construct a similarity-based defense model. Through several experiments on the approach, we verified that our defense model can effectively counter AEs generated by the perturbation techniques. In conclusion, our defense model alleviates the limitation of the most promising defense method, adversarial training, which is only effective against the AEs that are included in the training classifiers.
In recent years, various adversarial defense methods have been proposed to improve the robustness of deep neural networks. Adversarial training is one of the most potent methods to defend against adversarial attacks. However, the difference in the feature space between natural and adversarial examples hinders the accuracy and robustness of the model in adversarial training. This paper proposes a learnable distribution adversarial training method, aiming to construct the same distribution for training data utilizing the Gaussian mixture model. The distribution centroid is built to classify samples and constrain the distribution of the sample features. The natural and adversarial examples are pushed to the same distribution centroid to improve the accuracy and robustness of the model. The proposed method generates adversarial examples to close the distribution gap between the natural and adversarial examples through an attack algorithm explicitly designed for adversarial training. This algorithm gradually increases the accuracy and robustness of the model by scaling perturbation. Finally, the proposed method outputs the predicted labels and the distance between the sample and the distribution centroid. The distribution characteristics of the samples can be utilized to detect adversarial cases that can potentially evade the model defense. The effectiveness of the proposed method is demonstrated through comprehensive experiments.
Neural networks play a significant role in the field of image classification. When an input image is modified by adversarial attacks, the changes are imperceptible to the human eye, but it still leads to misclassification of the images. Researchers have demonstrated these attacks to make production self-driving cars misclassify Stop Road signs as 45 Miles Per Hour (MPH) road signs and a turtle being misclassified as AK47. Three primary types of defense approaches exist which can safeguard against such attacks i.e., Gradient Masking, Robust Optimization, and Adversarial Example Detection. Very few approaches use Generative Adversarial Networks (GAN) for Defense against Adversarial Attacks. In this paper, we create a new approach to defend against adversarial attacks, dubbed Chained Dual-Generative Adversarial Network (CD-GAN) that tackles the defense against adversarial attacks by minimizing the perturbations of the adversarial image using iterative oversampling and undersampling using GANs. CD-GAN is created using two GANs, i.e., CDGAN’s Sub-Resolution GAN and CDGAN’s Super-Resolution GAN. The first is CDGAN’s Sub-Resolution GAN which takes the original resolution input image and oversamples it to generate a lower resolution neutralized image. The second is CDGAN’s Super-Resolution GAN which takes the output of the CDGAN’s Sub-Resolution and undersamples it to generate the higher resolution image which removes any remaining perturbations. Chained Dual GAN is formed by chaining these two GANs together. Both of these GANs are trained independently. CDGAN’s Sub-Resolution GAN is trained using higher resolution adversarial images as inputs and lower resolution neutralized images as output image examples. Hence, this GAN downscales the image while removing adversarial attack noise. CDGAN’s Super-Resolution GAN is trained using lower resolution adversarial images as inputs and higher resolution neutralized images as output images. Because of this, it acts as an Upscaling GAN while removing the adversarial attack noise. Furthermore, CD-GAN has a modular design such that it can be prefixed to any existing classifier without any retraining or extra effort, and can defend any classifier model against adversarial attack. In this way, it is a Generalized Defense against adversarial attacks, capable of defending any classifier model against any attacks. This enables the user to directly integrate CD-GAN with an existing production deployed classifier smoothly. CD-GAN iteratively removes the adversarial noise using a multi-step approach in a modular approach. It performs comparably to the state of the arts with mean accuracy of 33.67 while using minimal compute resources in training. (2542 CMC, 2023, vol. 74, no. 2)
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 42141019 and 42261144687); the Second Tibetan Plateau Scientific Expedition and Research (STEP) program (Grant No. 2019QZKK0102); the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDB42010404); the National Natural Science Foundation of China (Grant No. 42175049); the Guangdong Meteorological Service Science and Technology Research Project (Grant No. GRMC2021M01); the National Key Scientific and Technological Infrastructure project “Earth System Science Numerical Simulator Facility” (EarthLab) for computational support and Prof. Shiming XIANG for many useful discussions. Niklas BOERS acknowledges funding from the Volkswagen foundation.
Abstract: Climate models are vital for understanding and projecting global climate change and its associated impacts. However, these models suffer from biases that limit their accuracy in historical simulations and the trustworthiness of future projections. Addressing these challenges requires addressing internal variability, hindering the direct alignment between model simulations and observations, and thwarting conventional supervised learning methods. Here, we employ an unsupervised Cycle-consistent Generative Adversarial Network (CycleGAN) to correct daily Sea Surface Temperature (SST) simulations from the Community Earth System Model 2 (CESM2). Our results reveal that the CycleGAN not only corrects climatological biases but also improves the simulation of major dynamic modes including the El Niño-Southern Oscillation (ENSO) and the Indian Ocean Dipole mode, as well as SST extremes. Notably, it substantially corrects climatological SST biases, decreasing the globally averaged Root-Mean-Square Error (RMSE) by 58%. Intriguingly, the CycleGAN effectively addresses the well-known excessive westward bias in ENSO SST anomalies, a common issue in climate models that traditional methods, like quantile mapping, struggle to rectify. Additionally, it substantially improves the simulation of SST extremes, raising the pattern correlation coefficient (PCC) from 0.56 to 0.88 and lowering the RMSE from 0.5 to 0.32. This enhancement is attributed to better representations of interannual, intraseasonal, and synoptic scales variabilities. Our study offers a novel approach to correct global SST simulations and underscores its effectiveness across different time scales and primary dynamical modes.
Funding: Supported by the Natural Science Foundation of Jiangsu Province (Grant No. BK20220421); the State Key Program of the National Natural Science Foundation of China (Grant No. 42230702); the National Natural Science Foundation of China (Grant No. 82302352).
Abstract: Landslides are destructive natural disasters that cause catastrophic damage and loss of life worldwide. Accurately predicting landslide displacement enables effective early warning and risk management. However, the limited availability of on-site measurement data has been a substantial obstacle in developing data-driven models, such as state-of-the-art machine learning (ML) models. To address these challenges, this study proposes a data augmentation framework that uses generative adversarial networks (GANs), a recent advance in generative artificial intelligence (AI), to improve the accuracy of landslide displacement prediction. The framework provides effective data augmentation to enhance limited datasets. A recurrent GAN model, RGAN-LS, is proposed, specifically designed to generate realistic synthetic multivariate time series that mimics the characteristics of real landslide on-site measurement data. A customized moment-matching loss is incorporated in addition to the adversarial loss in GAN during the training of RGAN-LS to capture the temporal dynamics and correlations in real time series data. Then, the synthetic data generated by RGAN-LS is used to enhance the training of long short-term memory (LSTM) networks and particle swarm optimization-support vector machine (PSO-SVM) models for landslide displacement prediction tasks. Results on two landslides in the Three Gorges Reservoir (TGR) region show a significant improvement in LSTM model prediction performance when trained on augmented data. For instance, in the case of the Baishuihe landslide, the average root mean square error (RMSE) increases by 16.11%, and the mean absolute error (MAE) by 17.59%. More importantly, the model’s responsiveness during mutational stages is enhanced for early warning purposes. However, the results have shown that the static PSO-SVM model only sees marginal gains compared to recurrent models such as LSTM. Further analysis indicates that an optimal synthetic-to-real data ratio (50% on the illustration cases) maximizes the improvements. This also demonstrates the robustness and effectiveness of supplementing training data for dynamic models to obtain better results. By using the powerful generative AI approach, RGAN-LS can generate high-fidelity synthetic landslide data. This is critical for improving the performance of advanced ML models in predicting landslide displacement, particularly when there are limited training data. Additionally, this approach has the potential to expand the use of generative AI in geohazard risk management and other research areas.
Funding: Project supported by the National Key Research and Development Program of China (Grant No. 2022YFB2803900); the National Natural Science Foundation of China (Grant Nos. 61974075 and 61704121); the Natural Science Foundation of Tianjin Municipality (Grant Nos. 22JCZDJC00460 and 19JCQNJC00700); Tianjin Municipal Education Commission (Grant No. 2019KJ028); Fundamental Research Funds for the Central Universities (Grant No. 22JCZDJC00460).
Abstract: Mechanically cleaved two-dimensional materials are random in size and thickness. Recognizing atomically thin flakes by human experts is inefficient and unsuitable for scalable production. Deep learning algorithms have been adopted as an alternative; nevertheless, a major challenge is a lack of sufficient actual training images. Here we report the generation of synthetic two-dimensional materials images using StyleGAN3 to complement the dataset. DeepLabv3Plus network is trained with the synthetic images, which reduces overfitting and improves recognition accuracy to over 90%. A semi-supervisory technique for labeling images is introduced to reduce manual efforts. The sharper edges recognized by this method facilitate material stacking with precise edge alignment, which benefits exploring novel properties of layered-material devices that crucially depend on the interlayer twist-angle. This feasible and efficient method allows for the rapid and high-quality manufacturing of atomically thin materials and devices.
Funding: Supported by National Natural Science Foundation of China (Nos. 11905028, 12105040); Scientific Research Project of Education Department of Jilin Province (No. JJKH20231294KJ).
Abstract: Neutron radiography is a crucial nondestructive testing technology widely used in the aerospace, military, and nuclear industries. However, because of the physical limitations of neutron sources and collimators, the resulting neutron radiographic images inevitably exhibit multiple distortions, including noise, geometric unsharpness, and white spots. Furthermore, these distortions are particularly significant in compact neutron radiography systems with low neutron fluxes. Therefore, in this study, we devised a multi-distortion suppression network that employs a modified generative adversarial network to improve the quality of degraded neutron radiographic images. Real neutron radiographic image datasets with various types and levels of distortion were built for the first time as multi-distortion suppression datasets. Thereafter, the coordinate attention mechanism was incorporated into the backbone network to augment the capability of the proposed network to learn the abstract relationship between ideally clear and degraded images. Extensive experiments were performed; the results show that the proposed method can effectively suppress multiple distortions in real neutron radiographic images and achieve state-of-the-art perceptual visual quality, thus demonstrating its application potential in neutron radiography.
Funding: Supported in part by the National Natural Science Foundation for Distinguished Young Scholar 61825104; in part by the National Natural Science Foundation of China under Grant 62201582; in part by the National Nature Science Foundation of China under Grants 62101450; in part by the Key R&D Plan of Shaanxi Province Grants 2023YBGY037; in part by National Key R&D Program of China (2022YFC3301300); in part by the Natural Science Basic Research Program of Shaanxi under Grant 2022JQ-632; in part by Innovative Cultivation Project of School of Information and Communication of National University of Defense Technology under Grant YJKT-ZD-2202.
Abstract: In this paper, we study the covert performance of the downlink low earth orbit (LEO) satellite communication, where the unmanned aerial vehicle (UAV) is employed as a cooperative jammer. To maximize the covert rate of the LEO satellite transmission, a multi-objective problem is formulated to jointly optimize the UAV’s jamming power and trajectory. For practical consideration, we assume that the UAV can only have partial environmental information, and can’t know the detection threshold and exact location of the eavesdropper on the ground. To solve the multi-objective problem, we propose the data-driven generative adversarial network (DD-GAN) based method to optimize the power and trajectory of the UAV, in which the sample data is collected by using genetic algorithm (GA). Simulation results show that the jamming solution of UAV generated by DD-GAN can achieve an effective trade-off between covert rate and probability of detection errors when only limited prior information is obtained.
Abstract: Accurate quantification of the uncertainty in the mechanical characteristics of dielectric solids is crucial for advancing their application in high-precision technological domains, necessitating the development of robust computational methods. This paper introduces a Conditional Generation Adversarial Network Isogeometric Analysis (CGAN-IGA) to assess the uncertainty of dielectric solids’ mechanical characteristics. IGA is utilized for the precise computation of electric potentials in dielectric, piezoelectric, and flexoelectric materials, leveraging its advantage of integrating seamlessly with Computer-Aided Design (CAD) models to maintain exact geometrical fidelity. The CGAN method is highly efficient in generating models for piezoelectric and flexoelectric materials, specifically adapting to targeted design requirements and constraints. Then, the CGAN-IGA is adopted to calculate the electric potential of optimum models with different parameters to accelerate uncertainty quantification processes. The accuracy and feasibility of this method are verified through numerical experiments presented herein.
Funding: National Key Research and Development Program of China, Grant/Award Numbers: 2021YFB2501301, 2019YFB1600704; The Science and Technology Development Fund, Grant/Award Numbers: 0068/2020/AGJ, SKL‐IOTSC(UM)‐2021‐2023; GDST, Grant/Award Numbers: 2020B1212030003, MYRG2022‐00192‐FST.
Abstract: Robot calligraphy visually reflects the motion capability of robotic manipulators. While traditional researches mainly focus on image generation and the writing of simple calligraphic strokes or characters, this article presents a generative adversarial network (GAN)-based motion learning method for robotic calligraphy synthesis (Gan2CS) that can enhance the efficiency in writing complex calligraphy words and reproducing classic calligraphy works. The key technologies in the proposed approach include: (1) adopting the GAN to learn the motion parameters from the robot writing operation; (2) converting the learnt motion data into the style font and realising the transition from static calligraphy images to dynamic writing demonstration; (3) reproducing high-precision calligraphy works by synthesising the writing motion data hierarchically. In this study, the motion trajectories of sample calligraphy images are firstly extracted and converted into the robot module. The robot performs the writing with motion planning, and the writing motion parameters of calligraphy strokes are learnt with GANs. Then the motion data of basic strokes is synthesised based on the hierarchical process of ‘stroke-radicalpart-character’. And the robot re-writes the synthesised characters whose similarity with the original calligraphy characters is evaluated. Regular calligraphy characters have been tested in the experiments for method validation and the results validated that the robot can actualise the robotic calligraphy synthesis of writing motion data with GAN.
Funding: Project supported by the Natural Science Foundation of Shandong Province, China (Grant No. ZR2021MF049); Joint Fund of Natural Science Foundation of Shandong Province (Grant Nos. ZR2022LLZ012 and ZR2021LLZ001).
Abstract: Readout errors caused by measurement noise are a significant source of errors in quantum circuits, which severely affect the output results and are an urgent problem to be solved in noisy-intermediate scale quantum (NISQ) computing. In this paper, we use the bit-flip averaging (BFA) method to mitigate frequent readout errors in quantum generative adversarial networks (QGAN) for image generation, which simplifies the response matrix structure by averaging the qubits for each random bit-flip in advance, successfully solving problems with high cost of measurement for traditional error mitigation methods. Our experiments were simulated in Qiskit using the handwritten digit image recognition dataset; under the BFA-based method, the Kullback-Leibler (KL) divergence of the generated images converges to 0.04, 0.05, and 0.1 for readout error probabilities of p=0.01, p=0.05, and p=0.1, respectively. Additionally, by evaluating the fidelity of the quantum states representing the images, we observe average fidelity values of 0.97, 0.96, and 0.95 for the three readout error probabilities, respectively. These results demonstrate the robustness of the model in mitigating readout errors and provide a highly fault tolerant mechanism for image generation models.
Funding: The support from the National Key R&D Program of China under Grant (Grant No. 2020YFA0711700); the National Natural Science Foundation of China (Grant Nos. 52122801, 11925206, 51978609, U22A20254, and U23A20659). G.W. is supported by the National Natural Science Foundation of China (Nos. 12002303, 12192210 and 12192214).
Abstract: Structural damage in heterogeneous materials typically originates from microstructures where stress concentration occurs. Therefore, evaluating the magnitude and location of localized stress distributions within microstructures under external loading is crucial. Repeating unit cells (RUCs) are commonly used to represent microstructural details and homogenize the effective response of composites. This work develops a machine learning-based micromechanics tool to accurately predict the stress distributions of extracted RUCs. The locally exact homogenization theory efficiently generates the microstructural stresses of RUCs with a wide range of parameters, including volume fraction, fiber/matrix property ratio, fiber shapes, and loading direction. Subsequently, the conditional generative adversarial network (cGAN) is employed and constructed as a surrogate model to establish the statistical correlation between these parameters and the corresponding localized stresses. The stresses predicted by cGAN are validated against the remaining true data not used for training, showing good agreement. This work demonstrates that the cGAN-based micromechanics tool effectively captures the local responses of composite RUCs. It can be used for predicting potential crack initiations starting from microstructures and evaluating the effective behavior of periodic composites.
Abstract: Network security problems bring many imperceptible threats to the integrity of data and the reliability of device services, so proposing a network intrusion detection model with high reliability is of great research significance for network security. Due to the strong generalization of invalid features during the training process, it is more difficult for a single autoencoder intrusion detection model to obtain effective results. A network intrusion detection model based on the Ensemble of Denoising Adversarial Autoencoder (EDAAE) was proposed, which had higher accuracy and reliability compared to the traditional anomaly detection model. Using the adversarial learning idea of Adversarial Autoencoder (AAE), the discriminator module was added to the original model, and the encoder part was used as the generator. The distribution of the hidden space of the data generated by the encoder matched with the distribution of the original data. The generalization of the model to the invalid features was also reduced to improve the detection accuracy. At the same time, the denoising autoencoder and integrated operation was introduced to prevent overfitting in the adversarial learning process. Experiments on the CICIDS2018 traffic dataset showed that the proposed intrusion detection model achieves an Accuracy of 95.23%, which outperforms traditional self-encoders and other existing intrusion detection models in terms of overall performance.
Funding: Supported by the General Program under grant funded by the National Natural Science Foundation of China (NSFC) (No. 62171307); the Basic Research Program of Shanxi Province under grant funded by the Department of Science and Technology of Shanxi Province (China) (No. 202103021224113).
Abstract: Early and timely diagnosis of stroke is critical for effective treatment, and the electroencephalogram (EEG) offers a low-cost, non-invasive solution. However, the shortage of high-quality patient EEG data often hampers the accuracy of diagnostic classification methods based on deep learning. To address this issue, our study designed a deep data amplification model named Progressive Conditional Generative Adversarial Network with Efficient Approximating Self Attention (PCGAN-EASA), which incrementally improves the quality of generated EEG features. This network can yield full-scale, fine-grained EEG features from the low-scale, coarse ones. Specially, to overcome the limitations of traditional generative models that fail to generate features tailored to individual patient characteristics, we developed an encoder with an effective approximating self-attention mechanism. This encoder not only automatically extracts relevant features across different patients but also reduces the computational resource consumption. Furthermore, the adversarial loss and reconstruction loss functions were redesigned to better align with the training characteristics of the network and the spatial correlations among electrodes. Extensive experimental results demonstrate that PCGAN-EASA provides the highest generation quality and the lowest computational resource usage compared to several existing approaches. Additionally, it significantly improves the accuracy of subsequent stroke classification tasks.
Abstract: In this study, an underwater image enhancement method based on multi-scale adversarial network was proposed to solve the problem of detail blur and color distortion in underwater images. Firstly, the local features of each layer were enhanced into the global features by the proposed residual dense block, which ensured that the generated images retain more details. Secondly, a multi-scale structure was adopted to extract multi-scale semantic features of the original images. Finally, the features obtained from the dual channels were fused by an adaptive fusion module to further optimize the features. The discriminant network adopted the structure of the Markov discriminator. In addition, by constructing mean square error, structural similarity, and perceived color loss function, the generated image is consistent with the reference image in structure, color, and content. The experimental results showed that the enhanced underwater image deblurring effect of the proposed algorithm was good and the problem of underwater image color bias was effectively improved. In both subjective and objective evaluation indexes, the experimental results of the proposed algorithm are better than those of the comparison algorithm.
Abstract: This study addresses challenges in fetal magnetic resonance imaging (MRI) related to motion artifacts, maternal respiration, and hardware limitations. To enhance MRI quality, we employ deep learning techniques, specifically utilizing Cycle GAN. Synthetic pairs of images, simulating artifacts in fetal MRI, are generated to train the model. Our primary contribution is the use of Cycle GAN for fetal MRI restoration, augmented by artificially corrupted data. We compare three approaches (supervised Cycle GAN, Pix2Pix, and Mobile Unet) for artifact removal. Experimental results demonstrate that the proposed supervised Cycle GAN effectively removes artifacts while preserving image details, as validated through Structural Similarity Index Measure (SSIM) and normalized Mean Absolute Error (MAE). The method proves comparable to alternatives but avoids the generation of spurious regions, which is crucial for medical accuracy.
Funding: Supported by the National Key Research and Development Program of China [grant number 2020YFA0608000]; the National Natural Science Foundation of China [grant number 42075141]; the Meteorological Joint Funds of the National Natural Science Foundation of China [grant number U2142211]; the Key Project Fund of the Shanghai 2020 “Science and Technology Innovation Action Plan” for Social Development [grant number 20dz1200702]; the first batch of Model Interdisciplinary Joint Research Projects of Tongji University in 2021 [grant number YB-21-202110].
Funding: Supported by the National Natural Science Foundation of China (61771154); the Fundamental Research Funds for the Central Universities (3072022CF0601); supported by Key Laboratory of Advanced Marine Communication and Information Technology, Ministry of Industry and Information Technology, Harbin Engineering University, Harbin, China.
Abstract: As modern communication technology advances apace, the digital communication signals identification plays an important role in cognitive radio networks, the communication monitoring and management systems. AI has become a promising solution to this problem due to its powerful modeling capability, which has become a consensus in academia and industry. However, because of the data-dependence and inexplicability of AI models and the openness of electromagnetic space, the physical layer digital communication signals identification model is threatened by adversarial attacks. Adversarial examples pose a common threat to AI models, where well-designed and slight perturbations added to input data can cause wrong results. Therefore, the security of AI models for the digital communication signals identification is the premise of its efficient and credible applications. In this paper, we first launch adversarial attacks on the end-to-end AI model for automatic modulation classification, and then we explain and present three defense mechanisms based on the adversarial principle. Next we present more detailed adversarial indicators to evaluate attack and defense behavior. Finally, a demonstration verification system is developed to show that the adversarial attack is a real threat to the digital communication signals identification model, which should be paid more attention in future research.
Funding: Supported in part by the National Natural Science Foundation of China under Grant 62073164; the Shanghai Aerospace Science and Technology Innovation Foundation under Grant SAST2022-013.
Abstract: With the rapid development of deep learning-based detection algorithms, deep learning is widely used in the field of infrared small target detection. However, well-designed adversarial samples can fool human visual perception, directly causing a serious decline in the detection quality of the recognition model. In this paper, an adversarial defense technology for small infrared targets is proposed to improve model robustness. The adversarial samples with strong migration can not only improve the generalization of defense technology, but also save the training cost. Therefore, this study adopts the concept of maximizing multidimensional feature distortion, applying noise to clean samples to serve as subsequent training samples. On this basis, this study proposes an inverse perturbation elimination method based on Generative Adversarial Networks (GAN) to realize the adversarial defense, and design the generator and discriminator for infrared small targets, aiming to make both of them compete with each other to continuously improve the performance of the model, find out the commonalities and differences between the adversarial samples and the original samples. Through experimental verification, our defense algorithm is not only able to cope with multiple attacks but also performs well on different recognition models compared to commonly used defense algorithms, making it a plug-and-play efficient adversarial defense technique.
Funding: The National Key Research and Development Program of China (2021YFB1006200); Major Science and Technology Project of Henan Province in China (221100211200). Grant was received by S. Li.
Abstract: Adversarial distillation (AD) has emerged as a potential solution to tackle the challenging optimization problem of loss with hard labels in adversarial training. However, fixed sample-agnostic and student-egocentric attack strategies are unsuitable for distillation. Additionally, the reliability of guidance from static teachers diminishes as target models become more robust. This paper proposes an AD method called Learnable Distillation Attack Strategies and Evolvable Teachers Adversarial Distillation (LDAS&ET-AD). Firstly, a learnable distillation attack strategies generating mechanism is developed to automatically generate sample-dependent attack strategies tailored for distillation. A strategy model is introduced to produce attack strategies that enable adversarial examples (AEs) to be created in areas where the target model significantly diverges from the teachers by competing with the target model in minimizing or maximizing the AD loss. Secondly, a teacher evolution strategy is introduced to enhance the reliability and effectiveness of knowledge in improving the generalization performance of the target model. By calculating the experimentally updated target model’s validation performance on both clean samples and AEs, the impact of distillation from each training sample and AE on the target model’s generalization and robustness abilities is assessed to serve as feedback to fine-tune standard and robust teachers accordingly. Experiments evaluate the performance of LDAS&ET-AD against different adversarial attacks on the CIFAR-10 and CIFAR-100 datasets. The experimental results demonstrate that the proposed method achieves a robust precision of 45.39% and 42.63% against AutoAttack (AA) on the CIFAR-10 dataset for ResNet-18 and MobileNet-V2, respectively, marking an improvement of 2.31% and 3.49% over the baseline method. In comparison to state-of-the-art adversarial defense techniques, our method surpasses Introspective Adversarial Distillation, the top-performing method in terms of robustness under AA attack for the CIFAR-10 dataset, with enhancements of 1.40% and 1.43% for ResNet-18 and MobileNet-V2, respectively. These findings demonstrate the effectiveness of our proposed method in enhancing the robustness of deep learning networks (DNNs) against prevalent adversarial attacks when compared to other competing methods. In conclusion, LDAS&ET-AD provides reliable and informative soft labels to one of the most promising defense methods, AT, alleviating the limitations of untrusted teachers and unsuitable AEs in existing AD techniques. We hope this paper promotes the development of DNNs in real-world trust-sensitive fields and helps ensure a more secure and dependable future for artificial intelligence systems.
Funding: Supported by Institute of Information & Communications Technology Planning & Evaluation (IITP) Grant funded by the Korea government, Ministry of Science and ICT (MSIT) (No. 2017-0-00168, Automatic Deep Malware Analysis Technology for Cyber Threat Intelligence).
Abstract: Antivirus vendors and the research community employ Machine Learning (ML) or Deep Learning (DL)-based static analysis techniques for efficient identification of new threats, given the continual emergence of novel malware variants. On the other hand, numerous researchers have reported that Adversarial Examples (AEs), generated by manipulating previously detected malware, can successfully evade ML/DL-based classifiers. Commercial antivirus systems, in particular, have been identified as vulnerable to such AEs. This paper firstly focuses on conducting black-box attacks to circumvent ML/DL-based malware classifiers. Our attack method utilizes seven different perturbations, including Overlay Append, Section Append, and Break Checksum, capitalizing on the ambiguities present in the PE format, as previously employed in evasion attack research. By directly applying the perturbation techniques to PE binaries, our attack method eliminates the need to grapple with the problem-feature space dilemma, a persistent challenge in many evasion attack studies. Being a black-box attack, our method can generate AEs that successfully evade both DL-based and ML-based classifiers. Also, AEs generated by the attack method retain their executability and malicious behavior, eliminating the need for functionality verification. Through thorough evaluations, we confirmed that the attack method achieves an evasion rate of 65.6% against well-known ML-based malware detectors and can reach a remarkable 99% evasion rate against well-known DL-based malware detectors. Furthermore, our AEs demonstrated the capability to bypass detection by 17% of vendors out of the 64 on VirusTotal (VT). In addition, we propose a defensive approach that utilizes Trend Locality Sensitive Hashing (TLSH) to construct a similarity-based defense model. Through several experiments on the approach, we verified that our defense model can effectively counter AEs generated by the perturbation techniques. In conclusion, our defense model alleviates the limitation of the most promising defense method, adversarial training, which is only effective against the AEs that are included in the training classifiers.
Funding: Supported by the National Natural Science Foundation of China (No. U21B2003, 62072250, 62072250, 62172435, U1804263, U20B2065, 61872203, 71802110, 61802212); the National Key R&D Program of China (No. 2021QY0700); the Key Laboratory of Intelligent Support Technology for Complex Environments (Nanjing University of Information Science and Technology), Ministry of Education, and the Natural Science Foundation of Jiangsu Province (No. BK20200750); Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness (No. HNTS2022002); Post Graduate Research & Practice Innovation Program of Jiangsu Province (No. KYCX200974); Open Project Fund of Shandong Provincial Key Laboratory of Computer Network (No. SDKLCN-2022-05); the Priority Academic Program Development of Jiangsu Higher Education Institutions (PAPD) Fund and Graduate Student Scientific Research Innovation Projects of Jiangsu Province (No. KYCX231359).
Abstract: In recent years, various adversarial defense methods have been proposed to improve the robustness of deep neural networks. Adversarial training is one of the most potent methods to defend against adversarial attacks. However, the difference in the feature space between natural and adversarial examples hinders the accuracy and robustness of the model in adversarial training. This paper proposes a learnable distribution adversarial training method, aiming to construct the same distribution for training data utilizing the Gaussian mixture model. The distribution centroid is built to classify samples and constrain the distribution of the sample features. The natural and adversarial examples are pushed to the same distribution centroid to improve the accuracy and robustness of the model. The proposed method generates adversarial examples to close the distribution gap between the natural and adversarial examples through an attack algorithm explicitly designed for adversarial training. This algorithm gradually increases the accuracy and robustness of the model by scaling perturbation. Finally, the proposed method outputs the predicted labels and the distance between the sample and the distribution centroid. The distribution characteristics of the samples can be utilized to detect adversarial cases that can potentially evade the model defense. The effectiveness of the proposed method is demonstrated through comprehensive experiments.
Funding: Taif University, Taif, Saudi Arabia through Taif University Researchers Supporting Project Number (TURSP-2020/115).
Abstract: Neural networks play a significant role in the field of image classification. When an input image is modified by adversarial attacks, the changes are imperceptible to the human eye, but they still lead to misclassification of the images. Researchers have demonstrated these attacks to make production self-driving cars misclassify Stop Road signs as 45 Miles Per Hour (MPH) road signs and a turtle being misclassified as AK47. Three primary types of defense approaches exist which can safeguard against such attacks, i.e., Gradient Masking, Robust Optimization, and Adversarial Example Detection. Very few approaches use Generative Adversarial Networks (GAN) for Defense against Adversarial Attacks. In this paper, we create a new approach to defend against adversarial attacks, dubbed Chained Dual-Generative Adversarial Network (CD-GAN), that tackles the defense against adversarial attacks by minimizing the perturbations of the adversarial image using iterative oversampling and undersampling using GANs. CD-GAN is created using two GANs, i.e., CDGAN’s Sub-Resolution GAN and CDGAN’s Super-Resolution GAN. The first is CDGAN’s Sub-Resolution GAN, which takes the original resolution input image and oversamples it to generate a lower resolution neutralized image. The second is CDGAN’s Super-Resolution GAN, which takes the output of the CDGAN’s Sub-Resolution and undersamples it to generate the higher resolution image, which removes any remaining perturbations. Chained Dual GAN is formed by chaining these two GANs together. Both of these GANs are trained independently. CDGAN’s Sub-Resolution GAN is trained using higher resolution adversarial images as inputs and lower resolution neutralized images as output image examples. Hence, this GAN downscales the image while removing adversarial attack noise. CDGAN’s Super-Resolution GAN is trained using lower resolution adversarial images as inputs and higher resolution neutralized images as output images. Because of this, it acts as an Upscaling GAN while removing the adversarial attack noise. Furthermore, CD-GAN has a modular design such that it can be prefixed to any existing classifier without any retraining or extra effort, and can defend any classifier model against adversarial attack. In this way, it is a Generalized Defense against adversarial attacks, capable of defending any classifier model against any attacks. This enables the user to directly integrate CD-GAN with an existing production deployed classifier smoothly. CD-GAN iteratively removes the adversarial noise using a multi-step approach in a modular approach. It performs comparably to the state of the arts with mean accuracy of 33.67 while using minimal compute resources in training. CMC, 2023, vol. 74, no. 2.