Deep neural networks have achieved remarkable success in image recognition, yet their recognition robustness is fragile under the pervasive data uncertainty of practical deployments. That uncertainty stems from unavoidable ambient noise and, more importantly, from possible adversarial attacks. In the arms race between adversarial-example attacks and defenses, dynamic methods can give the defender the initiative. Unlike previous dynamic methods that depend on the input or on the decision, this work explores dynamic properties at the model level through dynamic ensemble selection, in order to further protect the model against white-box attacks and improve its robustness. Specifically, in the training phase a Dirichlet distribution is used as the prior of each sub-model's predictive distribution, and a diversity constraint in parameter space is imposed on lightweight sub-models to construct a space of alternative ensemble models. In the test phase, sub-models are selected dynamically according to the rank of their uncertainty values, and only the selected sub-models contribute to the final prediction, so that the majority of the ensemble is accurate and both robustness and accuracy are preserved. Compared with the previous dynamic method and with static adversarially trained models, the presented approach achieves significant robustness gains without sacrificing accuracy by combining dynamics with diversity.
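The test-phase selection step described above, as an added illustration that is not the paper's code: each sub-model is assumed to output Dirichlet concentrations alpha = evidence + 1 over K classes, its uncertainty is taken to be the vacuity K / sum(alpha) (the value 1 at the flat prior, falling toward 0 as evidence accumulates), the m least-uncertain sub-models are kept, and their Dirichlet means are averaged. The uncertainty formula, the concentration convention, the averaging rule and the cosine-similarity diversity statistic are all assumptions, since the abstract names none of them; the sub-model outputs are constructed for one input.

```python
"""Dynamic ensemble selection over Dirichlet (evidential) sub-model outputs.

Added example, not the paper's implementation. Assumed conventions:
- each sub-model emits Dirichlet concentrations alpha = evidence + 1 per class;
- per-input uncertainty of a sub-model is the vacuity K / sum(alpha);
- the ensemble keeps the m least-uncertain sub-models and averages their
  Dirichlet means alpha / sum(alpha).
"""
import numpy as np


def dirichlet_uncertainty(alpha):
    """Vacuity K / sum(alpha): 1.0 at the flat prior (1, ..., 1),
    approaching 0 as the total evidence grows."""
    alpha = np.asarray(alpha, dtype=float)
    return alpha.shape[0] / alpha.sum()


def expected_probs(alpha):
    """Mean of the Dirichlet: the sub-model's expected class distribution."""
    alpha = np.asarray(alpha, dtype=float)
    return alpha / alpha.sum()


def select_and_predict(alphas, m):
    """Keep the m sub-models with the lowest uncertainty on this input and
    average their expected class probabilities.
    Returns (kept sub-model indices, most certain first; ensemble probs; class)."""
    u = np.array([dirichlet_uncertainty(a) for a in alphas])
    order = np.argsort(u, kind="stable")  # ascending uncertainty
    kept = order[:m]
    probs = np.mean([expected_probs(alphas[i]) for i in kept], axis=0)
    return kept.tolist(), probs, int(np.argmax(probs))


def static_predict(alphas):
    """Baseline with no selection: plain average over every sub-model."""
    probs = np.mean([expected_probs(a) for a in alphas], axis=0)
    return probs, int(np.argmax(probs))


def mean_pairwise_cosine(param_vectors):
    """Assumed form of a parameter-space diversity statistic: mean cosine
    similarity between the flattened parameter vectors of each pair of
    sub-models. A training-time diversity constraint would drive this toward 0."""
    W = np.asarray(param_vectors, dtype=float)
    W = W / np.linalg.norm(W, axis=1, keepdims=True)
    n = W.shape[0]
    sims = [W[i] @ W[j] for i in range(n) for j in range(i + 1, n)]
    return float(np.mean(sims))


# Constructed concentrations for ONE input from five sub-models, K = 3 classes.
# Sub-models 0-2 carry clear evidence for class 1; sub-models 3 and 4 carry
# weak, conflicting evidence for class 2 and therefore rank as more uncertain.
SAMPLE_ALPHAS = [
    np.array([1.0, 9.0, 1.0]),
    np.array([2.0, 12.0, 2.0]),
    np.array([1.0, 7.0, 2.0]),
    np.array([1.0, 1.0, 3.0]),
    np.array([1.0, 1.0, 4.0]),
]


def demo(m=3):
    """Run selection on the constructed input; returns (kept, probs, class)."""
    return select_and_predict(SAMPLE_ALPHAS, m)


if __name__ == "__main__":
    u = [round(dirichlet_uncertainty(a), 3) for a in SAMPLE_ALPHAS]
    kept, probs, pred = demo()
    print("uncertainty per sub-model:", u)
    print("kept sub-models:", kept, "ensemble probs:", np.round(probs, 3), "class:", pred)
    print("static average class:", static_predict(SAMPLE_ALPHAS)[1])
```

Two practical caveats follow from the mechanism rather than from the abstract. Ranking by uncertainty only excludes a sub-model that is fooled *and* uncertain; a sub-model driven to a confident wrong answer would rank well and be kept, which is one reason the selection has to be paired with diversity across sub-models so that a single perturbation is unlikely to fool a majority of them. And because the kept subset changes per input, an evaluation against white-box attacks must let the attacker differentiate through the selection (or attack the full pool) rather than through a fixed subset, otherwise the reported robustness is an artifact of a static approximation.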