| Thanks to the rapid development of computation infrastructure and the increasing richness of data, it is now possible to train deep neural networks with unprecedented capacity. Deep neural networks have achieved innumerable successes in a wide range of fields, including biometric identification tasks such as face and iris recognition. The popularity of deep neural networks in biometric identification is mainly owed to their outstanding capacity as discriminative feature extractors. However, recent studies have shown that deep neural networks carry serious security risks due to so-called adversarial attacks. These attacks can easily cause a deep neural network to make completely wrong decisions by applying tiny perturbations to the input image, which is completely intolerable in biometric identification applications. Therefore, it is of great theoretical significance and application value to improve the robustness of the deep feature extractor against adversarial attacks while keeping its features as discriminative as possible. In this paper, we propose a new deep feature extractor structure and a training method for it that take both the model's adversarial robustness and the features' discrimination into consideration. Our work includes the following: First, we introduce the research background and significance of adversarially robust discriminative feature extractors. Then we evaluate the advantages and disadvantages of the state of the art in this field, and find that existing deep feature extractor training methods cannot balance the adversarial robustness of the model against the discrimination of the features, and that there is no suitable index for evaluating the adversarial robustness of a deep feature extractor. To solve this problem, we propose a training method that combines a variational parameter coding structure with adversarial training, addressing both the adversarial robustness of the model and the discrimination of the features. Moreover, we evaluate the adversarial robustness of the model by constructing an adversarial attack on the feature space. The contributions of this paper are threefold: (1) We use the variational parameter coding structure for highly discriminative feature extraction and propose the variational sphere projection model. (2) For the first time, we apply adversarial training to the training of the discriminative feature extractor. Under the variational sphere projection model, we can guarantee the discriminative ability of the features while taking into account the adversarial robustness of the model. (3) We propose a symmetry adversarial robustness assessment index, which can more accurately reflect the adversarial robustness of the feature extractor. Extensive experiments were conducted on the MNIST dataset and the CASIA-webFace/LFW dataset to verify the effectiveness of our model. All experimental results were visualized. Notably, while achieving recognition performance similar to the state-of-the-art SphereFace method on face datasets, our model is able to increase the adversarial robustness by up to 704.05%, showing its great superiority. Future work is pointed out at the end of this work. |