AdvMS: A Multi-source Multi-cost Defense Against Adversarial Attacks

by Xiao Wang, et al.

Designing effective defenses against adversarial attacks is a crucial topic, as deep neural networks have proliferated rapidly in many security-critical domains such as malware detection and self-driving cars. Conventional defense methods, although shown to be promising, are largely limited by their single-source, single-cost nature: the robustness gain tends to plateau as the defense is made increasingly stronger, while its cost keeps growing. In this paper, we study principles for designing multi-source, multi-cost schemes in which defense performance is boosted by multiple defending components. Based on this motivation, we propose a multi-source, multi-cost defense scheme, Adversarially Trained Model Switching (AdvMS), that inherits the advantages of two leading schemes: adversarial training and random model switching. We show that the multi-source nature of AdvMS mitigates the performance-plateauing issue, and that its multi-cost nature enables robustness to be improved at a flexible, adjustable combination of costs over different factors, which can better suit specific restrictions and needs in practice.
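To make the two ingredients concrete, here is a toy illustration of adversarial training combined with random model switching. It is an added example, not code from the AdvMS paper or its authors: the paper works with deep networks and its own training recipe, whereas this uses pure-Python logistic regression, FGSM as the attack, a constructed 2-D dataset, and an assumed L-infinity budget `EPS`. The pool members, the seeds, and the per-query switching rule are illustrative choices.

```python
"""Toy adversarially trained model pool with random model switching.

Constructed illustration (logistic regression + FGSM in pure Python); it does
not reproduce the AdvMS paper's models or training procedure.
"""
import math
import random

EPS = 0.1  # assumed L-infinity perturbation budget (not taken from the paper)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(model, x):
    w, b = model
    return w[0] * x[0] + w[1] * x[1] + b


def predict(model, x):
    """Hard 0/1 decision of a single logistic-regression model."""
    return 1 if logit(model, x) >= 0 else 0


def loss_grad_x(model, x, y):
    """Gradient of the logistic loss with respect to the input x."""
    w, _ = model
    err = sigmoid(logit(model, x)) - y
    return [err * w[0], err * w[1]]


def fgsm(model, x, y, eps=EPS):
    """Fast Gradient Sign Method: one step of size eps along sign(grad_x loss)."""
    g = loss_grad_x(model, x, y)
    sign = lambda v: (v > 0) - (v < 0)
    return [x[0] + eps * sign(g[0]), x[1] + eps * sign(g[1])]


def make_data(rng, n=200):
    """Constructed 2-D data: label 1 above the line x1 = x0, label 0 below, plus noise."""
    data = []
    for _ in range(n):
        x = [rng.uniform(-1, 1), rng.uniform(-1, 1)]
        y = 1 if x[1] - x[0] + rng.gauss(0, 0.1) > 0 else 0
        data.append((x, y))
    return data


def adv_train(data, seed, epochs=30, lr=0.1, eps=EPS):
    """Adversarial training: every SGD step uses the FGSM example crafted
    against the current parameters instead of the clean point."""
    rng = random.Random(seed)
    w, b = [rng.uniform(-0.5, 0.5), rng.uniform(-0.5, 0.5)], 0.0
    for _ in range(epochs):
        rng.shuffle(data)
        for x, y in data:
            xa = fgsm((w, b), x, y, eps)
            err = sigmoid(logit((w, b), xa)) - y
            w[0] -= lr * err * xa[0]
            w[1] -= lr * err * xa[1]
            b -= lr * err
    return (w, b)


def train_pool(data, k, eps=EPS):
    """Multi-source defense: k independently initialised, adversarially trained members."""
    return [adv_train(list(data), seed, eps=eps) for seed in range(k)]


def switch_predict(pool, x, rng):
    """Random model switching: a fresh member of the pool answers each query."""
    return predict(pool[rng.randrange(len(pool))], x)


def accuracy(pred_fn, data):
    return sum(pred_fn(x) == y for x, y in data) / len(data)


if __name__ == "__main__":
    rng = random.Random(0)
    train, test = make_data(rng), make_data(rng, 100)
    pool = train_pool(train, k=5)
    # The attacker has white-box access to pool[0] only and crafts FGSM examples against it.
    adv_test = [(fgsm(pool[0], x, y), y) for x, y in test]
    print("clean, switched  :", accuracy(lambda x: switch_predict(pool, x, rng), test))
    print("adv vs model 0   :", accuracy(lambda x: predict(pool[0], x), adv_test))
    print("adv vs switched  :", accuracy(lambda x: switch_predict(pool, x, rng), adv_test))
```

The two knobs the abstract calls "costs" are visible here: `EPS` and `epochs` set the price of adversarial training per member, and `k` sets the price of keeping a pool to switch between; the attacker who fits a perturbation to `pool[0]` cannot know which member will score the query.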




Exploring Adversarial Attacks and Defenses in Vision Transformers trained with DINO

This work conducts the first analysis on the robustness against adversar...

Protecting Neural Networks with Hierarchical Random Switching: Towards Better Robustness-Accuracy Trade-off for Stochastic Defenses

Despite achieving remarkable success in various domains, recent studies ...

Comment on "Adv-BNN: Improved Adversarial Defense through Robust Bayesian Neural Network"

A recent paper by Liu et al. combines the topics of adversarial training...

An Empirical Review of Adversarial Defenses

From face recognition systems installed in phones to self-driving cars, ...

Exploring and Improving Robustness of Multi Task Deep Neural Networks via Domain Agnostic Defenses

In this paper, we explore the robustness of the Multi-Task Deep Neural N...

Adversarial Attacks and Defense on Textual Data: A Review

Deep learning models have been used widely for various purposes in recent...

Adversarial Attacks and Defense on Texts: A Survey

Deep learning models have been used widely for various purposes in recent...