Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Enhancing robustness of data-driven SHM models: adversarial training with circle loss

Xiangli Yang, Xijie Deng, Hanwei Zhang, Yang Zou, Jianxi Yang

TL;DR

This paper proposes an adversarial training method for defense, which uses circle loss to optimize the distance between features in training to keep examples away from the decision boundary, and demonstrates substantial improvements in model robustness, surpassing existing defense mechanisms.

Abstract

Structural health monitoring (SHM) is critical to safeguarding the safety and reliability of aerospace, civil, and mechanical infrastructure. Machine learning-based data-driven approaches have gained popularity in SHM due to advancements in sensors and computational power. However, machine learning models used in SHM are vulnerable to adversarial examples -- even small changes in input can lead to different model outputs. This paper aims to address this problem by discussing adversarial defenses in SHM. In this paper, we propose an adversarial training method for defense, which uses circle loss to optimize the distance between features in training to keep examples away from the decision boundary. Through this simple yet effective constraint, our method demonstrates substantial improvements in model robustness, surpassing existing defense mechanisms.

Enhancing robustness of data-driven SHM models: adversarial training with circle loss

TL;DR

This paper proposes an adversarial training method for defense, which uses circle loss to optimize the distance between features in training to keep examples away from the decision boundary, and demonstrates substantial improvements in model robustness, surpassing existing defense mechanisms.

Abstract

Structural health monitoring (SHM) is critical to safeguarding the safety and reliability of aerospace, civil, and mechanical infrastructure. Machine learning-based data-driven approaches have gained popularity in SHM due to advancements in sensors and computational power. However, machine learning models used in SHM are vulnerable to adversarial examples -- even small changes in input can lead to different model outputs. This paper aims to address this problem by discussing adversarial defenses in SHM. In this paper, we propose an adversarial training method for defense, which uses circle loss to optimize the distance between features in training to keep examples away from the decision boundary. Through this simple yet effective constraint, our method demonstrates substantial improvements in model robustness, surpassing existing defense mechanisms.
Paper Structure (24 sections, 6 equations, 9 figures, 12 tables, 1 algorithm)

This paper contains 24 sections, 6 equations, 9 figures, 12 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Adversarial vulnerability of data-driven SHM
  3. Threat model
  4. Adversary's knowledge.
  5. Adversary's goal.
  6. Adversary's capability.
  7. Adversarial attacks
  8. Defense strategies
  9. Adversarial training
  10. Methodology
  11. Circle loss
  12. Adversarial training with circle loss
  13. Experiment
  14. SHM datasets and classifiers
  15. Three-span continuous rigid frame bridge (TCRF bridge) scale model
  16. ...and 9 more sections

Figures (9)

  • Figure 1: A conceptual illustration of decision boundaries after different training. Each circle represents a sample and its adversarial space within a perturbation budget $\epsilon$. In standard training, samples of different classes can be easily separated by a simple decision boundary, but this simple decision boundary cannot separate samples with adversarial perturbations. So some adversarial examples (noted by red stars) are misclassified. Conventional adversarial training learns a more complex decision boundary and separates samples with a certain perturbation budget, but it is powerless for samples with a larger perturbation budget. Our method can withstand large perturbations budget.
  • Figure 2: Acceleration curves for four states and the typical samples for each state.
  • Figure 3: TCRF bridge scale model.
  • Figure 4: PCBG network structure.
  • Figure 5: BIM attacks ($\epsilon=0.003$) on the TCRF bridge scale model dataset. The adversarial sample is semantically similar to the original samples of DC3 (damaged), but the classification results are the same as the target sample of DC0 (undamaged).
  • ...and 4 more figures