hh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Improving adversarial robustness of traffic sign image recognition networks
Halmstad University, School of Information Technology. Faculty of Electrical and Computer Engineering, Semnan University, Semnan, Iran.ORCID iD: 0000-0001-5191-0424
Faculty of Electrical and Computer Engineering, Semnan University, Semnan, Iran; Faculty of Electrical and Computer Engineering, University of Windsor, Windsor, Canada.
Faculty of Electrical and Computer Engineering, University of Windsor, Windsor, Canada.
2022 (English)In: Displays (Guildford), ISSN 0141-9382, E-ISSN 1872-7387, Vol. 74, article id 102277Article in journal (Refereed) Published
Abstract [en]

The robustness of deep neural networks is an increasingly essential issue as they become more and more prevalent in several real-world applications like autonomous vehicles. If traffic signs turn to adversarial examples, an autonomous vehicle will probably be misled and cause fatal accidents. To improve adversarial robustness, a new cost function for training convolutional neural recognition networks is proposed in this paper. Recent works proved that by employing the classifier probabilities on the complement (incorrect) classes as well as the ground-truth class in Softmax Cross Entropy, the model achieves better performance on adversarial inputs. In this paper, we show that in addition to using the information from Softmax layer, the extracted features from convolutional layers also enhance the robustness. In our new cost function, Regularized Guided Complement Entropy (RGCE), by decreasing the output of convolutional layers’ activation functions alongside utilizing Softmax layer output in training phase, we reach better model performance on adversarial attacks. Our proposed algorithm is evaluated on CIFAR-10 and GTSRB datasets. The performances of different convolutional neural networks on clean and adversarial images are reported and compared with other methods. © 2022 Published by Elsevier B.V. 

Place, publisher, year, edition, pages
Amsterdam: Elsevier, 2022. Vol. 74, article id 102277
Keywords [en]
Adversarial robustness, Adversarial attacks, Convolutional neural network, Traffic sign
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:hh:diva-48422DOI: 10.1016/j.displa.2022.102277ISI: 000866301700004Scopus ID: 2-s2.0-85135516728OAI: oai:DiVA.org:hh-48422DiVA, id: diva2:1703257
Available from: 2022-10-12 Created: 2022-10-12 Last updated: 2022-11-09Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Hashemi, Atiye Sadat

Search in DiVA

By author/editor
Hashemi, Atiye Sadat
By organisation
School of Information Technology
In the same journal
Displays (Guildford)
Engineering and TechnologyOther Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 160 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf