As machine learning techniques become increasingly prevalent in data analysis, the threat of adversarial attacks has surged, necessitating robust defense mechanisms. Among these defenses, methods that exploit low-rank approximations, both for preprocessing the input data and for factorizing neural network (NN) parameters, have shown potential. Our work advances this line by combining tensorization of the input data with low-rank decomposition and tensorization of the NN parameters to strengthen adversarial defense. The proposed approach demonstrates significant defense capability, maintaining robust accuracy even under the strongest known auto-attacks. Evaluations on leading robustness benchmarks show that our results not only hold their ground against the best available defenses but also exceed all current defense strategies that rely on tensor factorizations. This study underscores the potential of combining tensorization and low-rank decomposition as a robust defense against adversarial attacks in machine learning.
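The abstract refers to low-rank approximation of the input as a preprocessing defense and to factorization of NN parameters. The following is an added illustration, not code from the paper, of the simplest instance of both ideas on a 2-D matrix: a constructed 8x8 rank-2 "input" receives a constructed small, high-frequency (full-rank) perturbation, and truncating the perturbed input back to rank 2 removes most of the perturbation; the same truncated SVD then replaces a weight matrix by two thin factors with fewer parameters. The SVD is a pure-Python power iteration with deflation so the block runs without numpy; the paper's tensorization of inputs and parameters, its network and its attack evaluation are not reproduced here, and the input, perturbation and rank are assumptions chosen for the demonstration.

```python
"""Low-rank approximation as an adversarial-defense illustration.

Added example, not code from the paper: a pure-Python truncated SVD
(power iteration with deflation, no numpy needed) applied to a constructed
8x8 rank-2 "input" with a constructed full-rank perturbation added. A 2-D
matrix is the simplest instance of the low-rank idea; the paper's
tensorisation of inputs and parameters is not reproduced here.
"""
from typing import List, Tuple

Matrix = List[List[float]]
Vector = List[float]


def matvec(a: Matrix, v: Vector) -> Vector:
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def norm(v: Vector) -> float:
    return sum(x * x for x in v) ** 0.5


def frob_dist(a: Matrix, b: Matrix) -> float:
    """Frobenius distance ||a - b||_F."""
    return sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)) ** 0.5


def top_singular_triplet(a: Matrix, iters: int = 300) -> Tuple[float, Vector, Vector]:
    """Leading (sigma, u, v) by power iteration on A^T A; u = A v / sigma."""
    at = transpose(a)
    v = [1.0 / (i + 1) for i in range(len(at))]  # deterministic, non-degenerate start
    v = [x / norm(v) for x in v]
    for _ in range(iters):
        w = matvec(at, matvec(a, v))
        nw = norm(w)
        if nw < 1e-300:  # residual is numerically zero: nothing left to extract
            break
        v = [x / nw for x in w]
    av = matvec(a, v)
    sigma = norm(av)
    u = [x / sigma for x in av] if sigma > 0 else [0.0] * len(a)
    return sigma, u, v


def low_rank_factors(a: Matrix, rank: int) -> List[Tuple[float, Vector, Vector]]:
    """Top-`rank` singular triplets via deflation (sigma_k u_k v_k^T removed each round)."""
    residual = [row[:] for row in a]
    triplets = []
    for _ in range(rank):
        sigma, u, v = top_singular_triplet(residual)
        triplets.append((sigma, u, v))
        for i, ui in enumerate(u):
            for j, vj in enumerate(v):
                residual[i][j] -= sigma * ui * vj
    return triplets


def truncated_svd(a: Matrix, rank: int) -> Matrix:
    """Best rank-`rank` approximation of `a` (Eckart-Young): the input-preprocessing step."""
    out = [[0.0] * len(a[0]) for _ in a]
    for sigma, u, v in low_rank_factors(a, rank):
        for i, ui in enumerate(u):
            for j, vj in enumerate(v):
                out[i][j] += sigma * ui * vj
    return out


def factorize_weight(w: Matrix, rank: int) -> Tuple[Matrix, Matrix, int]:
    """Replace an m x n weight matrix by factors L (m x r) and R (r x n), W ~= L @ R.
    Returns (L, R, parameter count of the factored form: m*r + r*n)."""
    triplets = low_rank_factors(w, rank)
    left = [[sigma * u[i] for sigma, u, _ in triplets] for i in range(len(w))]
    right = [v[:] for _, _, v in triplets]
    return left, right, len(w) * rank + rank * len(w[0])


def outer_sum(pairs: List[Tuple[Vector, Vector]]) -> Matrix:
    n, m = len(pairs[0][0]), len(pairs[0][1])
    return [[sum(u[i] * v[j] for u, v in pairs) for j in range(m)] for i in range(n)]


def clean_input() -> Matrix:
    """Constructed rank-2 8x8 'image': two smooth patterns with orthogonal factors."""
    r1 = [1.0, 2.0, 3.0, 4.0, 4.0, 3.0, 2.0, 1.0]
    r2 = [1.0, 1.0, 1.0, 1.0, -1.0, -1.0, -1.0, -1.0]
    c2 = [2.0, 1.0, 0.0, -1.0, -1.0, 0.0, 1.0, 2.0]
    return outer_sum([(r1, r1), (r2, c2)])


def perturbation(eps: float = 0.25) -> Matrix:
    """Constructed small-amplitude, high-frequency perturbation (assumed, not a real attack)."""
    return [[eps * (-1) ** (i + j) * (1.0 + 0.2 * ((3 * i + 5 * j) % 7) / 7.0)
             for j in range(8)] for i in range(8)]


def defense_demo(rank: int = 2) -> Tuple[float, float]:
    """Distance to the clean input before and after rank-`rank` preprocessing."""
    clean, delta = clean_input(), perturbation()
    attacked = [[c + d for c, d in zip(rc, rd)] for rc, rd in zip(clean, delta)]
    before = frob_dist(attacked, clean)
    after = frob_dist(truncated_svd(attacked, rank), clean)
    return before, after


if __name__ == "__main__":
    b, a = defense_demo()
    print(f"||x_adv - x||_F = {b:.3f}, ||P_2(x_adv) - x||_F = {a:.3f}")
    _, _, n_params = factorize_weight(clean_input(), 2)
    print(f"8x8 weight: 64 parameters; rank-2 factors: {n_params}")
```

The point a practitioner should take from the demo is the mechanism, not the numbers: a perturbation that lies mostly outside the leading singular subspaces of the input is discarded by the projection, which is why low-rank preprocessing helps against high-frequency perturbations. The caveat is equally visible in the code: an attacker who can craft a perturbation inside the retained subspace, or who targets the rank chosen for the projection, is not filtered, which is why the abstract evaluates against adaptive auto-attacks rather than a single fixed attack.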