With the rapid advancements and notable achievements across various application
domains, Machine Learning (ML) has become a vital element within the Internet of Things …

In recent years, artificial intelligence technology represented by deep learning has achieved
remarkable results in image recognition, semantic analysis, natural language processing …

Adversarial training has been shown to be one of the most effective approaches to improve
the robustness of deep neural networks. It is formalized as a min-max optimization over …

Recent studies on compression of pretrained language models (eg, BERT) usually use
preserved accuracy as the metric for evaluation. In this paper, we propose two new metrics …

In adversarial training (AT), the main focus has been the objective and optimizer while the
model has been less studied, so that the models being used are still those classic ones in …

Stochastic gradient descent (SGD) and adaptive gradient methods, such as Adam and
RMSProp, have been widely used in training deep neural networks. We empirically show …

The parameter perturbation attack is a safety threat to deep learning, where small parameter
perturbations are made such that the attacked network gives wrong or desired labels of the …

The integration of an ensemble of deep learning models has been extensively explored to
enhance defense against adversarial attacks. The diversity among sub-models increases …

In this paper, the bias classifier is introduced, that is, the bias part of a DNN with Relu as the
activation function is used as a classifier. The work is motivated by the fact that the bias part …

对抗鲁棒性指的是模型抵抗对抗样本的能力, 对抗训练是提高模型对抗鲁棒性的一种常用方法.
然而, 对抗训练会降低模型在干净样本上的准确率, 这种现象被称为 accuracy-robustness …