基于自适应策略优化的鲁棒精度权衡学习

doi:10.13328/j.cnki.jos.007522

微信小程序

微信服务号

微信订阅号

首页 > 过刊浏览>2026年第37卷第4期 >1472-1491. DOI:10.13328/j.cnki.jos.007522

PDF HTML阅读 XML下载导出引用引用提醒

基于自适应策略优化的鲁棒精度权衡学习
DOI:
                        10.13328/j.cnki.jos.007522
                    
CSTR:
                        
                    
作者:
                        
                        
                    
作者单位:
作者简介:
通讯作者:
中图分类号:
基金项目:国家自然科学基金(62176160, U24A20322, 62376162); 广东省基础与应用基础研究基金自然科学基金(2024B1515020109); 广东省智能信息处理重点实验室(2023B1212060076)

Trade-off Learning for Robustness and Accuracy Based on Adaptive Strategy Optimization

Author:

Affiliation:

Fund Project:

摘要

图/表

访问统计

参考文献

相似文献

引证文献

资源附件

文章评论

摘要:

对抗训练被视为提升深度模型鲁棒性的核心防御手段, 但其固有缺陷严重制约了实际应用效果. 传统对抗训练方法依赖固定攻击模式生成对抗样本, 导致训练过程中样本多样性不足、模型泛化能力受限, 且在鲁棒性与干净准确率间难以达成有效平衡. 更为关键的是, 现有对抗训练框架缺乏对训练过程的自适应控制, 容易引发鲁棒过拟合现象. 针对上述挑战, 利用演化优化提出一个自适应对抗训练框架, 称为基于自适应策略优化的鲁棒精度权衡学习, 简称TRA²SO. 该方法将遗传算法引入对抗训练过程, 通过动态调整不同训练阶段的对抗攻击策略, 实现对抗样本生成模式的渐进式复杂化. 这种层级递进的对抗机制不仅增强了样本多样性, 还可通过策略优化记录实现训练早停, 有效抑制过拟合风险. 在CIFAR系列数据集上的实验表明, 相较于传统对抗训练方法, 所提框架在维持基础分类性能的同时, 提升了模型面对多种攻击范式的防御能力, 且加快了训练收敛速度. 为对抗训练中鲁棒性-准确性的权衡提供了新思路, 对构建可信深度学习系统具有重要实践价值.

Abstract:

Adversarial training is regarded as a core defense mechanism for enhancing the robustness of deep models, yet its inherent limitations significantly constrain its effectiveness in practical applications. Traditional adversarial training methods rely on fixed attack patterns to generate adversarial examples (AEs), leading to insufficient sample diversity, limited generalization capabilities, and difficulties in achieving an effective balance between robustness and clean accuracy. More crucially, existing adversarial training frameworks lack adaptive control over the training process, resulting in the robust overfitting phenomenon. To address these challenges, an evolutionary optimization-based adaptive adversarial training framework is proposed, named trade-off robustness and accuracy via adaptive strategy optimization (TRA²SO). It innovatively integrates a genetic algorithm into adversarial training and achieves progressive complexity escalation in AE generation through dynamic adjustment of attack strategies across different training phases. This mechanism not only enhances sample diversity but also effectively suppresses overfitting risks through early stopping enabled by strategy optimization records. Experiments on CIFAR series datasets demonstrate that, compared with traditional adversarial training methods, the proposed TRA²SO framework maintains baseline classification performance while improving robustness against multiple attack paradigms and accelerating training convergence. This study provides new insights into the robustness-accuracy trade-off in adversarial training, offering significant practical value for building trustworthy deep learning systems.

参考文献

相似文献

引证文献

引用本文

翟浩杰,王冉,邬文慧,贾育衡.基于自适应策略优化的鲁棒精度权衡学习.软件学报,2026,37(4):1472-1491

复制

文章指标

点击次数:
下载次数:
HTML阅读次数:
引用次数:

历史

收稿日期:2025-04-15
最后修改日期:2025-06-30
录用日期:
在线发布日期: 2025-09-02
出版日期: 2026-04-06

微信小程序

微信服务号

微信订阅号

引用本文

相关视频

分享

文章指标

历史

文章二维码