Khan, SarwarSarwarKhanChen, Jun ChengJun ChengChenLiao, Wen HungWen HungLiaoCHU-SONG CHEN2023-09-012023-09-012023-07-0114248220https://scholars.lib.ntu.edu.tw/handle/123456789/634873Adversarial attacks have become one of the most serious security issues in widely used deep neural networks. Even though real-world datasets usually have large intra-variations or multiple modes, most adversarial defense methods, such as adversarial training, which is currently one of the most effective defense methods, mainly focus on the single-mode setting and thus fail to capture the full data representation to defend against adversarial attacks. To confront this challenge, we propose a novel multi-prototype metric learning regularization for adversarial training which can effectively enhance the defense capability of adversarial training by preventing the latent representation of the adversarial example changing a lot from its clean one. With extensive experiments on CIFAR10, CIFAR100, MNIST, and Tiny ImageNet, the evaluation results show the proposed method improves the performance of different state-of-the-art adversarial training methods without additional computational cost. Furthermore, besides Tiny ImageNet, in the multi-prototype CIFAR10 and CIFAR100 where we reorganize the whole datasets of CIFAR10 and CIFAR100 into two and ten classes, respectively, the proposed method outperforms the state-of-the-art approach by 2.22% and 1.65%, respectively. Furthermore, the proposed multi-prototype method also outperforms its single-prototype version and other commonly used deep metric learning approaches as regularization for adversarial training and thus further demonstrates its effectiveness.enadversarial attacks | adversarial training | classification | metric learning | multi-mode | prototypes[SDGs]SDG3journal article10.3390/s23136173374480212-s2.0-85164845162https://api.elsevier.com/content/abstract/scopus_id/85164845162