Two-stage Adversarial Knowledge Transfer for Edge Intelligence

CLC Number: TP182

    Abstract:

    The emergence of adversarial examples challenges the robustness of deep learning. With the development of edge intelligence, training a robust and compact deep learning model on edge devices with limited computing resources is also a challenging problem. Since compact models cannot obtain sufficient robustness through conventional adversarial training, a method called two-stage adversarial knowledge transfer is proposed. The method transfers adversarial knowledge from data to models and from complex models to compact models. Adversarial knowledge takes two forms: one is contained in data in the form of adversarial examples, and the other is contained in models in the form of the decision boundary. The GPU clusters of the cloud center are first leveraged to train the complex model with adversarial examples, realizing the transfer of adversarial knowledge from data to models; an improved distillation approach is then leveraged to realize the further transfer of adversarial knowledge from complex models to compact models on edge nodes. Experiments on MNIST and CIFAR-10 show that this two-stage adversarial knowledge transfer can efficiently improve the robustness and convergence of compact models.

Get Citation

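Qian Yaguan, Ma Jun, He Niannian, Wang Bin, Gu Zhaoquan, Ling Xiang, Wassim Swaileh. Two-stage Adversarial Knowledge Transfer for Edge Intelligence. Journal of Software, 2022, 33(12):4504-4516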

History
  • Received: March 06, 2020
  • Revised: March 08, 2021
  • Online: December 03, 2022
  • Published: December 06, 2022