Combating Adversaries with Anti-Adversaries

03/26/2021
by Motasem Alfarra, et al.

Deep neural networks are vulnerable to small input perturbations known as adversarial attacks. Inspired by the fact that these adversaries are constructed by iteratively minimizing the confidence of a network in the true class label, we propose the anti-adversary layer, aimed at countering this effect. In particular, our layer generates an input perturbation in the opposite direction to the adversarial one and feeds the classifier the perturbed version of the input. Our approach is training-free and theoretically supported. We verify its effectiveness by combining our layer with both nominally and robustly trained models, and conduct large-scale experiments, from black-box to adaptive attacks, on CIFAR10, CIFAR100 and ImageNet. Our anti-adversary layer significantly enhances model robustness while coming at no cost in clean accuracy.
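The mechanism the abstract describes, as an added example that is not the paper's code: a toy linear softmax classifier in plain Python, an adversary that takes normalised gradient steps to lower the true-class confidence, and an anti-adversary layer that steps the input the opposite way before classification. The classifier weights, the step sizes and counts, and the layer's use of the model's own predicted label (the true label is unknown at test time) are assumptions made for the illustration.

```python
import math

# Constructed toy linear softmax classifier over 2-D inputs with 3 classes:
# logits = W x + b. Weights are made up for illustration, not taken from the paper.
W = [[2.0, 0.0], [0.0, 2.0], [-1.5, -1.5]]
B = [0.0, 0.0, 0.5]

def predict(x):
    """Class probabilities softmax(W x + b)."""
    logits = [sum(w_j * x_j for w_j, x_j in zip(w, x)) + b for w, b in zip(W, B)]
    m = max(logits)  # shift by the max for numerical stability
    exps = [math.exp(l - m) for l in logits]
    s = sum(exps)
    return [e / s for e in exps]

def top_class(probs):
    return max(range(len(probs)), key=probs.__getitem__)

def grad_log_prob(x, c):
    """d log p_c(x) / dx; for a linear model this is W[c] - sum_k p_k W[k]."""
    p = predict(x)
    return [W[c][j] - sum(p[k] * W[k][j] for k in range(len(W))) for j in range(len(x))]

def perturb(x, c, sign, steps, step_size):
    """Normalised gradient steps on log p_c(x) (step size and count are assumptions).
    sign=-1 is the adversary's direction: drive the confidence in class c down.
    sign=+1 is the anti-adversary's direction: drive it back up."""
    z = list(x)
    for _ in range(steps):
        g = grad_log_prob(z, c)
        norm = math.sqrt(sum(g_j * g_j for g_j in g)) or 1.0
        z = [z_j + sign * step_size * g_j / norm for z_j, g_j in zip(z, g)]
    return z

def anti_adversary_layer(x, steps=5, step_size=0.1):
    """Training-free layer. The true label is unknown at test time, so (assumption)
    it boosts the confidence of whichever class the model itself predicts for x."""
    return perturb(x, top_class(predict(x)), +1, steps, step_size)

def classify_with_layer(x):
    return predict(anti_adversary_layer(x))

# Constructed clean input; the adversary pushes it toward the decision boundary.
X_CLEAN = [1.0, 0.0]
X_ADV = perturb(X_CLEAN, 0, -1, steps=3, step_size=0.2)

if __name__ == "__main__":
    for name, x in [("clean", X_CLEAN), ("adversarial", X_ADV)]:
        print(f"{name}: p(class 0) = {predict(x)[0]:.3f}, with layer = {classify_with_layer(x)[0]:.3f}")
```

On this toy model the adversary lowers the class-0 confidence from about 0.84 to about 0.53 without flipping the label, and the layer pushes it back above the adversarial value; note that if an attack has already flipped the prediction, a layer keyed to the predicted label reinforces the wrong class, which is why the paper evaluates against adaptive attacks.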


Related research:

04/25/2023 (research) Combining Adversaries with Anti-adversaries in Training
Adversarial training is an effective learning technique to improve the r...

08/08/2017 (research) Cascade Adversarial Machine Learning Regularized with a Unified Embedding
Deep neural network classifiers are vulnerable to small input perturbati...

02/08/2017 (research) Adversarial Attacks on Neural Network Policies
Machine learning classifiers are known to be vulnerable to inputs malici...

02/20/2018 (research) Out-distribution training confers robustness to deep neural networks
The easiness at which adversarial instances can be generated in deep neu...

07/16/2015 (research) Deep Learning and Music Adversaries
An adversary is essentially an algorithm intent on making a classificati...

12/18/2021 (research) Being Friends Instead of Adversaries: Deep Networks Learn from Data Simplified by Other Networks
Amongst a variety of approaches aimed at making the learning procedure o...

07/01/2019 (research) Diminishing the Effect of Adversarial Perturbations via Refining Feature Representation
Deep neural networks are highly vulnerable to adversarial examples, whic...
