Deep neural networks can be vulnerable to adversarial attacks, even for the mainstream Transformer-based models. Although several robustness enhancement approaches have been proposed, they usually focus on some certain type of perturbation. As the types of attack can be various and unpredictable in practical scenarios, a general and strong defense method is urgently in require. We notice that most well-trained models can be weakly robust in the perturbation space, i.e., only a small ratio of adversarial examples exist. Inspired by the weak robust property, this paper presents a novel ensemble method for enhancing robustness. We propose a lightweight framework PAD to save computational resources in realizing an ensemble. Instead of training multiple models, a plugin module is designed to perturb the parameters of a base model which can achieve the effect of multiple models. Then, to diversify adversarial example distributions among different models, we promote each model to have different attention patterns via optimizing a diversity measure we defined. Experiments on various widely-used datasets and target models show that PAD can consistently improve the defense ability against many types of adversarial attacks while maintaining accuracy on clean data. Besides, PAD also presents good interpretability via visualizing diverse attention patterns.

“湘方言语音研究已取得丰硕的研究成果,本文以中国知网中的“学术期刊库”为数据来源,采用文献计量分析的方法,通过CiteSpace等工具,从发文信息、聚类分析及演进趋势等维度对相关文献进行统计分析和可视化知识图谱绘制,全方位考察近四十年的研究概貌,提出“类型学”、“语音层次”将会是湘方言语音研究较新的、有待进一步开拓的领域,为今后开拓新的研究方向提供理论依据,为湖南语保工程的资源进行深度开发利用提供数据支撑。”