Authors: Aristeidis Bifis and Emmanouil Psarakis

Affiliation: Computer Engineering & Informatics Department, University of Patras, Patras, Greece

Keyword(s): Adversarial Defense, Adversarial Training, Neural Network Robustness, Adversarial Robustness, Deep Learning, Convolutional Layers, Null-Space Projection, Range-Space Projection, Orthogonal Projection, PGD, White Box, Feature Manipulation.

Abstract: Adversarial training is the standard method for improving the robustness of neural networks against adversarial attacks. However, a well-known trade-off exists: while adversarial training increases resilience to perturbations, it often results in a significant reduction in accuracy on clean (unperturbed) data. This compromise leads to models that are more resistant to adversarial attacks but less effective on natural inputs. In this paper, we introduce an extension to adversarial training by applying novel constraints on convolutional layers that address this trade-off. Specifically, we use orthogonal projections to decompose the learned features into clean signal and adversarial noise, projecting them onto the range and null spaces of the network’s weight matrices. These constraints improve the separation of adversarial noise from useful signals during training, enhancing robustness while preserving the same performance on clean data as adversarial training. Our approach achieves significant improvements in robust accuracy while maintaining comparable clean accuracy, providing a balanced and effective adversarial defense strategy.

CC BY-NC-ND 4.0

Paper citation in several formats:
Bifis, A. and Psarakis, E. (2025). OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections. In Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP; ISBN 978-989-758-728-3; ISSN 2184-4321, SciTePress, pages 889-896. DOI: 10.5220/0013389500003912

@conference{visapp25,
author={Aristeidis Bifis and Emmanouil Psarakis},
title={OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections},
booktitle={Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP},
year={2025},
pages={889-896},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013389500003912},
isbn={978-989-758-728-3},
issn={2184-4321},
}

TY - CONF

JO - Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP
TI - OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections
SN - 978-989-758-728-3
IS - 2184-4321
AU - Bifis, A.
AU - Psarakis, E.
PY - 2025
SP - 889
EP - 896
DO - 10.5220/0013389500003912
PB - SciTePress