Publication Type
Journal Article
Version
acceptedVersion
Publication Date
10-2023
Abstract
AI-enabled collaborative robots are designed to be used in close collaboration with humans, thus requiring stringent safety standards and quick response times. Adversarial attacks pose a significant threat to the deep learning models of these systems, making it crucial to develop methods to improve the models' robustness against them. Adversarial training is one approach to improving their robustness: it works by augmenting the training data with adversarial examples. This, unfortunately, comes at the cost of increased computational overhead and extended training times. In this work, we balance the need for additional adversarial data against the goal of minimizing training costs by selecting the most ‘valuable’ data for adversarial training. In particular, we propose a robustness-oriented boundary data selection method, RAST-AT, which stands for robust and fast adversarial training. RAST-AT selects training data near the decision boundary by taking adversarial perturbations into account. Our method improves the speed of model training on CIFAR-10 by 68.67% and, compared to other data selection methods, achieves 10% higher accuracy with 10% of the training data selected and 7% higher robustness with 4% of the training data selected. Our method also improves the efficiency of adversarial training by at least 25% at the same level of performance. Finally, we evaluate our method on a cobot system, generating adversarial patches as attacks and adopting RAST-AT as the defense. We find that RAST-AT can defend against 60% of untargeted attacks and 20% of targeted attacks. Our work highlights the benefits of developing effective defenses against adversarial attacks to ensure the security and reliability of AI-powered safety-critical systems.
Keywords
Data selection, AI-enabled industrial systems, trustworthy systems, adversarial training
Discipline
Databases and Information Systems | Software Engineering
Research Areas
Software and Cyber-Physical Systems
Publication
IEEE Robotics and Automation Letters
First Page
8350
Last Page
8357
ISSN
2377-3766
Identifier
10.1109/LRA.2023.3327934
Publisher
Institute of Electrical and Electronics Engineers
Citation
JIA, Yifan; POSKITT, Christopher M.; ZHANG, Peixin; WANG, Jingyi; SUN, Jun; and CHATTOPADHYAY, Sudipta.
Boosting adversarial training in safety-critical systems through boundary data selection. (2023). IEEE Robotics and Automation Letters. 8350-8357.
Available at: https://ink.library.smu.edu.sg/sis_research/8303
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/LRA.2023.3327934