1. Introduction
Deep neural networks (DNNs) are powerful models that achieve extraordinary performance in various speech and vision tasks, including speech recognition (Hinton et al., 2012a), natural language processing (Collobert and Weston, 2008), image captioning (Karpathy and Fei-Fei, 2015), and object recognition (Krizhevsky et al., 2012; LeCun et al., 1998; LeCun et al., 1989). However, recent studies (Szegedy et al., 2013; Kurakin et al., 2016; Goodfellow et al., 2014) show that DNNs are vulnerable to adversarial attacks implemented by generating adversarial examples, i.e., adding imperceptible but well-designed distortions to the original legal inputs. Delicately crafted adversarial examples can mislead a DNN into classifying them as any target label, while they appear recognizable and visually normal to human eyes. Evidence has also shown that there exist audio/visual inputs that sound/look like speech/objects to DNNs but are nonsense to humans (Carlini et al., 2016; Nguyen et al., 2015). Recently, Kurakin, Goodfellow, and Bengio demonstrated the existence of adversarial attacks not only in theoretical models but also in the physical world (Kurakin et al., 2016). They mimicked a physical-world application of DNNs by feeding adversarial examples to a DNN through a cellphone camera and found that the adversarial examples remain misclassified by the DNN even when perceived through a camera.
Concerns have arisen about applying DNNs in security-critical tasks. The security properties of DNNs have been widely investigated from two aspects: (i) crafting adversarial examples to test the vulnerability of DNNs and (ii) enhancing the robustness of DNNs under adversarial attacks. For the former aspect, adversarial examples have been generated by solving optimization problems (Szegedy et al., 2013; Carlini and Wagner, 2017; Chen et al., 2017; Athalye et al., 2018; Goodfellow et al., 2014; Papernot et al., 2016b). For the latter aspect, research has been conducted either by filtering out the added distortions (Guo et al., 2017; Bhagoji et al., 2017; Dziugaite et al., 2016; Xie et al., 2017) or by revising DNN models (Papernot et al., 2016c; Dhillon et al., 2018; Feinman et al., 2017) to defend against adversarial attacks. These two aspects mutually benefit each other towards hardening DNNs under adversarial attacks.
In this work, we provide a new solution to hardening DNNs under adversarial attacks through defensive dropout. Dropout is a commonly used regularization method that deals with the overfitting issue caused by limited training data (Srivastava et al., 2014). As a regularization method, dropout is applied during training such that, for each training case in a mini-batch, a subnetwork is sampled by dropping some of the units (i.e., neural nodes). Based on observations from preliminary experiments, we propose to use dropout also at test time as a defense method against adversarial attacks. By introducing dropout at test time, we achieve shorter and fatter distributions of the gradients, which is the key to the improved defense effects (lower attack success rate) compared with another model-randomness-based defense method, i.e., stochastic activation pruning (SAP) (Dhillon et al., 2018). For the MNIST dataset, our defensive dropout reduces the attack success rate from 100% to 13.89% under the currently strongest attack, i.e., the C&W attack (Carlini and Wagner, 2017), while distillation as a defense (Papernot et al., 2016c) and adversarial training (Tramèr et al., 2017) are totally vulnerable under the C&W attack. For the CIFAR-10 dataset, our defensive dropout reduces the attack success rate to 43.33%, while SAP can only reduce the attack success rate to 77.78% under the C&W attack based on the same neural network model.
The contributions of this work are summarized as follows:
(i) We consider the problem of building robust DNNs as an attacker-defender two-player game, where the attacker and the defender know each other's strategies and try to optimize their own strategies towards an equilibrium.
(ii) We propose a defensive dropout algorithm that determines an optimal test dropout rate given the neural network model and the attacker's strategy for generating adversarial examples. Basically, we need to trade off between the defense effects and the test accuracy.
(iii) We explain the mechanism behind the outstanding defense effects of the proposed defensive dropout. The shorter and fatter gradient distributions make it difficult for the attacker to generate adversarial examples using the gradients from the sampled subnetworks.
2. Related Work
2.1. Preliminaries
In this paper we focus on neural networks used as image classifiers. In this case, the input images can be denoted as 3-dimensional tensors $x \in \mathbb{R}^{h \times w \times c}$, where $h$, $w$, and $c$ denote the height, width, and number of channels. For a grayscale image (e.g., MNIST), $c = 1$; for a colored RGB image (e.g., CIFAR-10), $c = 3$. For both attacks and defenses, all pixel values in the images are scaled to $[0, 1]$ for easy calculation, and therefore a valid input image lies inside a unit cube in the high-dimensional space. We use $F$ to denote a neural network model, where $F$ accepts an input $x$ and generates an output $y = F(x)$. Suppose the neural network is an $m$-class classifier and the output layer performs the softmax operation.
Let $Z(x)$ denote the output of all layers except for the softmax layer, so that $F(x) = \mathrm{softmax}(Z(x))$. The input to the softmax layer, $Z(x)$, is called the logits. The element $y_i$ of the output vector $y$ represents the probability that input $x$ belongs to the $i$-th class. The output vector $y$ is treated as a probability distribution, and its elements satisfy $0 \le y_i \le 1$ and $\sum_{i=1}^{m} y_i = 1$. The neural network classifies input $x$ according to the maximum probability, i.e., $C(x) = \arg\max_i y_i$.

The adversarial attack can be either targeted or untargeted. Given an original legal input $x_0$ with its correct label $l_0$ and a target label $l \ne l_0$, the targeted adversarial attack is to find an input $x'$ such that $C(x') = l$ and $x'$ and $x_0$ are close according to some measure of the distortion between them. The input $x'$ is then called an adversarial example. The untargeted adversarial attack is to find an input $x'$ satisfying $C(x') \ne l_0$ and $x'$ and $x_0$ are close according to some measure of the distortion. The untargeted adversarial attack does not specify any target label to mislead the classifier. In this work, we consider targeted adversarial attacks since they are believed to be stronger than untargeted attacks.
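As a small toy illustration of the classification rule above (a sketch not taken from the paper, with hypothetical logits), the softmax output and the predicted class can be computed as:

```python
import math

def softmax(logits):
    # Subtract the max logit for numerical stability.
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    s = sum(exps)
    return [e / s for e in exps]

def classify(logits):
    # C(x) = argmax_i y_i; softmax is monotonic, so the argmax over
    # probabilities equals the argmax over the raw logits Z(x).
    y = softmax(logits)
    return max(range(len(y)), key=lambda i: y[i])

logits = [1.0, 3.0, 0.5]   # hypothetical logits Z(x) of a 3-class model
y = softmax(logits)
print(classify(logits))    # -> 1
```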
The general problem of constructing adversarial examples can be formulated as: given an original legal input $x_0$,

$$\min_{\delta} \; D(\delta) \quad \text{s.t.} \quad C(x_0 + \delta) = l, \;\; x_0 + \delta \in [0, 1]^{h \times w \times c} \qquad (1)$$

where $\delta$ is the distortion added onto input $x_0$, and $D(\cdot)$ is a measure of the added distortion.
We need to measure the distortion between the original legal input $x_0$ and the adversarial example $x' = x_0 + \delta$. $L_p$ norms are the most commonly used measures in the literature. The $L_p$ norm of the distortion is defined as:

$$\|\delta\|_p = \Big( \sum_{i} |\delta_i|^p \Big)^{1/p} \qquad (2)$$

We see the use of $L_0$, $L_1$, $L_2$, and $L_\infty$ norms in different attacks.
- $L_0$ norm: measures the number of mismatched elements between $x_0$ and $x'$.
- $L_1$ norm: measures the sum of the absolute values of the differences between $x_0$ and $x'$.
- $L_2$ norm: measures the standard Euclidean distance between $x_0$ and $x'$.
- $L_\infty$ norm: measures the maximum difference between $x_0$ and $x'$ over all elements.
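To make the four norms concrete, here is a small sketch (not from the paper; the images are flattened into plain Python lists, and the pixel values are made up):

```python
def lp_distortion(x0, x_adv, p):
    """L_p norm of the distortion delta = x_adv - x0.

    p may be 0, 1, 2, or float('inf'), matching the norms above."""
    delta = [a - b for a, b in zip(x_adv, x0)]
    if p == 0:
        return sum(1 for d in delta if d != 0)        # number of changed pixels
    if p == float('inf'):
        return max(abs(d) for d in delta)             # largest per-pixel change
    return sum(abs(d) ** p for d in delta) ** (1.0 / p)

x0    = [0.00, 0.50, 1.00, 0.25]   # original image, pixels scaled to [0, 1]
x_adv = [0.00, 0.75, 0.50, 0.25]   # adversarial example
print(lp_distortion(x0, x_adv, 0))             # -> 2 (two pixels changed)
print(lp_distortion(x0, x_adv, float('inf')))  # -> 0.5 (largest change)
```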
2.2. Attacks
2.2.1. Fault Injection (Liu et al., 2017):
published in ICCAD 2017, proposes two kinds of fault injection attacks that require only slight changes to the DNN's parameters to achieve misclassification: the single bias attack (SBA) and the gradient descent attack (GDA). SBA is able to achieve misclassification by modifying only one bias value in the network, while GDA achieves higher stealthiness and efficiency by using layer-wise searching and modification compression techniques. It implements very efficient attacks on the MNIST and CIFAR-10 datasets. This work perceives the DNN attack problem from a different angle, i.e., modifying the DNN models, while all the other attacks and defenses mentioned in this paper assume the modifications are performed on the inputs.
2.2.2. Fast Gradient Sign Method (FGSM) (Goodfellow et al., 2014):
is an $L_\infty$ attack that utilizes the gradient of the loss function to determine the direction in which to modify the pixels. It is designed to be fast, rather than optimal. It can be used for adversarial training by directly changing the loss function instead of explicitly injecting adversarial examples into the training data. FGSM generates adversarial examples as follows:

$$x' = x - \epsilon \cdot \mathrm{sign}\big(\nabla_x J(x, l)\big) \qquad (3)$$

where $\epsilon$ is the magnitude of the added distortion and $l$ is the target label. Using backpropagation, FGSM calculates the gradient of the loss function $J$ with respect to the target label $l$ to determine the direction in which to change the pixel values.

2.2.3. Jacobian-based Saliency Map Attack (JSMA) (Papernot et al., 2016b):
is an $L_0$ attack that uses a greedy algorithm: it picks the most influential pixels by calculating a Jacobian-based saliency map and modifies those pixels iteratively. The computational complexity of this attack method is very high.
2.2.4. C&W (Carlini and Wagner, 2017):
is a series of $L_0$, $L_2$, and $L_\infty$ attacks that achieve a 100% attack success rate with much lower distortions compared with the above-mentioned attacks. In particular, the C&W attack is superior to other attacks because it uses a better objective function. C&W formulates the problem of generating adversarial examples in an alternative way that can be better optimized:

$$\min_{\delta} \; \|\delta\|_p + c \cdot f(x_0 + \delta) \qquad (4)$$

where $c$ is a constant to be chosen and the objective function $f$ has the following form:
$$f(x') = \max\Big( \max_{i \ne l} Z(x')_i - Z(x')_l, \; -\kappa \Big) \qquad (5)$$

Here, $\kappa$ is a parameter that controls the confidence of the attack. Stochastic gradient descent methods can be used to solve this problem. For example, the Adam optimizer (Kingma and Ba, 2015) is used due to its fast and robust convergence behavior.
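The objective function in Eq. (5) can be sketched as follows (a toy illustration with made-up logits, not the paper's implementation; a full attack would minimize this together with the $\|\delta\|_p$ term by gradient descent):

```python
def cw_objective(logits, target, kappa=0.0):
    """C&W f(x') = max( max_{i != l} Z(x')_i - Z(x')_l , -kappa ).

    The value bottoms out at -kappa once the target logit exceeds every
    other logit by at least kappa, i.e., once the attack succeeds with
    the requested confidence."""
    other = max(z for i, z in enumerate(logits) if i != target)
    return max(other - logits[target], -kappa)

# Hypothetical logits: target class 2 is not yet the argmax.
print(cw_objective([2.0, 1.0, 0.5], target=2))             # -> 1.5
# Target class 2 already dominates by more than kappa.
print(cw_objective([0.5, 1.0, 3.0], target=2, kappa=0.5))  # -> -0.5
```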
2.3. Defense Methods
2.3.1. Adversarial Training (Tramèr et al., 2018):
injects adversarial examples with correct labels into the training dataset and then retrains the neural network, thus increasing the robustness of DNNs under adversarial attacks.
2.3.2. Distillation as a Defense (Papernot et al., 2016c):
introduces a temperature into the softmax layer and uses a higher temperature for training and a lower temperature for testing. The training phase first trains a teacher model that produces soft labels for the training dataset and then trains a distilled model using the training dataset with soft labels. The distilled model with reduced temperature is preserved for testing. The modified softmax function utilized in the distilled model is given by:

$$F_i(x) = \frac{e^{z_i / T}}{\sum_{j=1}^{m} e^{z_j / T}} \qquad (6)$$

where $z_i$ is the $i$-th logit, corresponding to the last hidden layer output before softmax, and $T$ is the temperature.
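A minimal sketch of the temperature softmax in Eq. (6) (the logits are made up; this is not the paper's code):

```python
import math

def softmax_T(logits, T=1.0):
    # Softmax with temperature T: F_i(x) = exp(z_i/T) / sum_j exp(z_j/T).
    scaled = [z / T for z in logits]
    m = max(scaled)                       # shift for numerical stability
    exps = [math.exp(z - m) for z in scaled]
    s = sum(exps)
    return [e / s for e in exps]

z = [8.0, 2.0, 0.0]                # hypothetical logits
print(max(softmax_T(z, T=1.0)))    # close to 1: a "hard" distribution
print(max(softmax_T(z, T=20.0)))   # much smaller: "soft" labels for distillation
```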
2.3.3. Stochastic Activation Pruning (SAP) (Dhillon et al., 2018):
SAP uses $L_1$ normalization to calculate a multinomial distribution over each activation layer. For the hidden activation vector $h^{(l)}$ at the $l$-th layer, SAP defines the probability of sampling the $j$-th activation output as

$$p_j^{(l)} = \frac{\big|h_j^{(l)}\big|}{\sum_{k} \big|h_k^{(l)}\big|} \qquad (7)$$

The activation outputs that survive the sampling are scaled up according to the sampling probability and the number of samples drawn at this layer by using the reweighting factor

$$\frac{1}{1 - \big(1 - p_j^{(l)}\big)^{r^{(l)}}} \qquad (8)$$

where $r^{(l)}$ is the number of samples drawn at layer $l$.
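Our reading of the SAP sampling step can be sketched as follows (an illustrative re-implementation, not the original code; `num_samples` plays the role of $r^{(l)}$):

```python
import random

def sap_layer(h, num_samples, rng=random):
    """Sketch of stochastic activation pruning for one layer: sample
    activations with replacement from the L1-normalized distribution,
    zero the rest, and rescale survivors by 1 / (1 - (1 - p_j)^r)."""
    total = sum(abs(a) for a in h)
    if total == 0:
        return list(h)
    probs = [abs(a) / total for a in h]                 # Eq. (7)
    kept = set()
    for _ in range(num_samples):                        # r draws with replacement
        u, acc = rng.random(), 0.0
        for j, p in enumerate(probs):
            acc += p
            if u <= acc:
                kept.add(j)
                break
        else:
            kept.add(len(h) - 1)    # guard against floating-point round-off
    out = []
    for j, a in enumerate(h):
        if j in kept:
            keep_prob = 1.0 - (1.0 - probs[j]) ** num_samples
            out.append(a / keep_prob)                   # Eq. (8) reweighting
        else:
            out.append(0.0)
    return out
```

The reweighting makes the expected output of the pruned layer match the unpruned one, analogous to the weight scaling used in dropout.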
3. Proposed Defensive Dropout
3.1. Dropout Preliminaries
Motivated by the mixability theory in evolutionary biology (Livnat et al., 2010), dropout was proposed as a regularization method in machine learning to prevent overfitting with limited training data (Srivastava et al., 2014). The term "dropout" refers to dropping out units (hidden and visible) in a neural network. Dropping a unit out means temporarily removing the unit, along with all its incoming and outgoing connections, from the network. Fig. 1 shows that applying dropout to a neural network amounts to sampling a subnetwork from it. The feed-forward operation of a standard neural network can be described as:
$$z_i^{(l+1)} = w_i^{(l+1)} y^{(l)} + b_i^{(l+1)} \qquad (9)$$
$$y_i^{(l+1)} = f\big(z_i^{(l+1)}\big) \qquad (10)$$

where $y^{(l)}$ denotes the vector of outputs from layer $l$, $z^{(l+1)}$ denotes the vector of inputs to layer $l+1$, $w_i^{(l+1)}$ and $b_i^{(l+1)}$ are the weight matrix row and bias of unit $i$ in layer $l+1$, and $f$ is any activation function. With dropout, the feed-forward operation becomes (Hinton et al., 2012b):

$$r_j^{(l)} \sim \mathrm{Bernoulli}(p) \qquad (11)$$
$$\tilde{y}^{(l)} = r^{(l)} \ast y^{(l)} \qquad (12)$$
$$z_i^{(l+1)} = w_i^{(l+1)} \tilde{y}^{(l)} + b_i^{(l+1)} \qquad (13)$$
$$y_i^{(l+1)} = f\big(z_i^{(l+1)}\big) \qquad (14)$$
where $r^{(l)}$ is a vector of independent Bernoulli random variables, each with probability $p$ of being 1, and $\ast$ denotes an element-wise product. A neural network with $n$ units can be seen as a collection of $2^n$ sampled subnetworks, which all share weights so that the total number of parameters is still $O(n^2)$. During training with dropout, stochastic gradient descent is used as in standard training, except that for each training case in a mini-batch, a subnetwork is sampled by dropping out units, and forward and backpropagation for that training case are done only on this subnetwork. The gradients for each parameter are averaged over the training cases in each mini-batch. Therefore, training a neural network with $n$ units using dropout can be seen as training a collection of $2^n$ subnetworks with extensive weight sharing. The purpose of applying dropout is to prevent units from co-adapting too much by combining the predictions of many subnetworks with shared weights. However, at test time, it is not feasible to explicitly average the predictions from exponentially many subnetworks. A very simple approximate averaging method is to use a single neural network at test time without dropout, the weights of which are scaled-down versions of the trained weights: if a unit is retained with probability $p$ during training with dropout, the outgoing weights of that unit are multiplied by $p$ at test time, as shown in Fig. 2. This ensures that the output at test time is the same as the expected output at training time.
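The standard scheme just described, Bernoulli masking at training time and weight scaling at test time, can be sketched for a single layer's outputs as follows (a toy sketch, not the paper's code; `p` is the retention probability):

```python
import random

def dropout_layer(y, p, train, rng=random):
    """Standard dropout on one layer's outputs (Srivastava et al., 2014).

    Training: multiply element-wise by a Bernoulli(p) mask, as in
    Eqs. (11)-(12). Test: keep every unit but scale by p, so the
    test-time output matches the expected training-time output."""
    if train:
        mask = [1 if rng.random() < p else 0 for _ in y]  # r_j ~ Bernoulli(p)
        return [m * v for m, v in zip(mask, y)]           # y~ = r * y
    return [p * v for v in y]                             # scaled down at test

out = dropout_layer([1.0, 2.0, 4.0], p=0.5, train=False)
print(out)  # -> [0.5, 1.0, 2.0]
```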
3.2. Defensive Dropout Implementations in Training and Test
Dropout is a commonly used regularization method. To achieve very good test accuracy, in practice dropout is usually applied to units in the fully-connected layer close to the output layer of the neural network (Goodfellow et al., 2016). Also, the dropout rate $r = 1 - p$, instead of the probability of presence $p$ for a unit, is often used in training with dropout (Bouthillier et al., 2015). For each training case in a mini-batch, the units are dropped with rate $r_{\mathrm{train}}$ and a subnetwork is sampled for the training case. The gradient for each parameter (weight) is then calculated based on the sampled subnetwork. Please note that, for a unit dropped with rate $r_{\mathrm{train}}$, if it is present in the subnetwork, we need to divide the output of its activation function by $1 - r_{\mathrm{train}}$ when evaluating the loss function for gradient calculation. This makes the output at test time roughly the same as the expected output at training time. If a parameter is not used in the subnetwork, a zero gradient is set for it. Gradients for each parameter are averaged over all training cases in the mini-batch. When dropout is applied as a regularization method to deal with overfitting, at test time the whole neural network without dropout is used; no further scaling is needed, since the activation outputs were already divided by $1 - r_{\mathrm{train}}$ during training.
Intuitively, introducing randomness at test time can also help to harden deep neural networks against adversarial attacks. Therefore, we propose to apply dropout also at test time as a defense method. If dropout was applied to units in a specific layer during training with dropout rate $r_{\mathrm{train}}$, we apply dropout to the same layer at test time with dropout rate $r_{\mathrm{test}}$. For each test case, units are dropped with rate $r_{\mathrm{test}}$ and a subnetwork is sampled for it. To have roughly the same expected output as the whole neural network at test time, we also need to scale up the activation functions of the retained units in the dropout layer of the subnetwork by $1/(1 - r_{\mathrm{test}})$. Please note that $r_{\mathrm{train}}$ is optimized during deep neural network training, while $r_{\mathrm{test}}$ is the optimization variable of our defense method, derived by the algorithm in Section 3.4.
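The test-time step just described can be sketched as follows (an illustrative sketch, not the paper's implementation; the layer output `y` and the rate are placeholders):

```python
import random

def defensive_dropout_layer(y, r_test, rng=random):
    """Defensive dropout at test time: drop each unit in the chosen layer
    with rate r_test and scale the survivors by 1/(1 - r_test), so a fresh
    subnetwork is sampled for every test input while the expected output
    matches the full network."""
    keep = 1.0 - r_test
    return [v / keep if rng.random() >= r_test else 0.0 for v in y]

# With r_test = 0 the full network is recovered unchanged.
print(defensive_dropout_layer([1.0, 2.0], r_test=0.0))  # -> [1.0, 2.0]
```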
Our work aims at defending against the strongest attacks, i.e., white-box attacks, in which the attacker has perfect information about the neural network architecture and parameters. Therefore, when we defend against adversarial attacks, we assume the attacker knows not only the complete neural network model but also the stochastics in the model (i.e., which layer applies dropout and the dropout rates $r_{\mathrm{train}}$ and $r_{\mathrm{test}}$). Specifically, when the attacker generates adversarial examples by solving an optimization problem based on stochastic gradient descent, the gradients are calculated in a similar manner as in training with dropout, i.e., using sampled subnetworks with the activation functions scaled up by $1/(1 - r_{\mathrm{test}})$. By doing this, we give the attacker full access to the neural network model and we are able to evaluate our defense method against the strongest white-box attacks.
3.3. Observations and Motivations
We perform preliminary experiments that motivate and support our defensive dropout method. We pick the currently strongest attack, i.e., the C&W attack (Carlini and Wagner, 2017), and experiment with different training dropout rates and different test dropout rates to analyze test accuracy and defense effects. Fig. 3 presents the results, where the x-axes denote the test dropout rate and each curve represents one training dropout rate. From Fig. 3 (a), we can observe that test accuracy decreases with increasing test dropout rate. Also, a training dropout rate of 0.3 achieves the highest test accuracy for the MNIST dataset. The increase in test accuracy due to training dropout is more prominent on other datasets; for example, a training dropout rate of 0.7 increases the test accuracy of our neural network model by 7.5% on the CIFAR-10 dataset. In summary, the decrease in test accuracy due to the test dropout rate can be compensated to some extent by the training dropout rate.
Fig. 3 (b) and (c) demonstrate the defense effects of the training and test dropout rates. In general, increasing the test dropout rate reduces the attack success rate, see Fig. 3 (b), and the $L_2$ norm of the added distortions in the adversarial examples reaches a peak at a certain test dropout rate, see Fig. 3 (c). The solution for defending against the C&W attack on the MNIST dataset is to use a test dropout rate of 0.5 when the training dropout rate is 0.3, which loses 0.8% test accuracy but decreases the attack success rate from 100% to 13.89% with the largest $L_2$ norm of the distortion (the peak point in Fig. 3 (c)), indicating that the added distortion in the adversarial examples might be large enough to be recognized by humans. Please note that under the C&W attack, distillation as a defense (Papernot et al., 2016c) and adversarial training (Tramèr et al., 2017) could not decrease the attack success rate at all (Carlini and Wagner, 2017), i.e., the attack success rate remains 100% under these defense methods.
We also investigate the mechanism behind the outstanding defense effects achieved by the proposed defensive dropout. It is intuitive to attribute the defense effects to the model randomness introduced by adding dropout at test time. However, other defenses that introduce model randomness, such as stochastic activation pruning (SAP) (Dhillon et al., 2018) and mitigation through randomization (Xie et al., 2017), achieve only limited defense effects against the C&W attack. We therefore explain the mechanism in a different way. Fig. 4 plots the probability density of uniformly sampled gradients when generating an adversarial example using the C&W attack on the CIFAR-10 dataset. Please note that the gradients are high-dimensional, and therefore we select 5 dimensions for visualization, each presented by a color and each containing 50 data points throughout Fig. 4 (a)-(f). Also, for fair comparison, we use the same neural network model with a training dropout rate of 0.7 (for the best test accuracy) and the same original input image for Fig. 4 (a)-(f), including our defensive dropout and SAP.
From Fig. 4 (a)-(e), with increasing test dropout rate, the probability densities become shorter and fatter, demonstrating increasing variances of the gradients, which is the key to the improved defense effects (decreasing attack success rate) with increasing test dropout rate. The larger the variances of the gradients, the more difficult it is for the attacker to generate effective adversarial examples using stochastic gradient descent when solving the optimization problem. This cross-validates the conclusion from Fig. 3 (a) and (b). Of course, we cannot simply use the largest test dropout rate for the strongest defense effects, because the test accuracy might become very low; we need to trade off defense effects against test accuracy. Fig. 4 (f) shows the probability densities of the gradients under stochastic activation pruning (SAP) (Dhillon et al., 2018), which exhibit very small variances compared with our defense method. That is the reason our defensive dropout outperforms SAP.
3.4. Defensive Dropout Algorithm
Towards hardening deep neural networks under adversarial attacks, the attacker and the defender improve their own strategies as in a two-player game. In such a game, the attacker and the defender know each other's strategies and try to optimize their own strategies towards an equilibrium. The defender can benefit from the improvement of the attacker's strategy. Therefore, we need to take the attacker's strategy of generating adversarial examples into consideration when designing our defense.
Based on the observations of the test dropout rate's effects on test accuracy and attack success rate, we design the defensive dropout algorithm, which determines an optimal test dropout rate given the neural network model and the attacker's strategy for generating adversarial examples. In the algorithm, we also optimize the training dropout rate along with the test dropout rate, but only for the purpose of training the neural network for the best test accuracy. Basically, we first train a neural network model by finding a proper training dropout rate $r_{\mathrm{train}}$. Then we fix the model and search for the largest test dropout rate $r_{\mathrm{test}}$ that gives the strongest defense effects while satisfying the test accuracy requirement. Pseudo code of the defensive dropout algorithm is given in Algorithm 1.
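A high-level sketch of how we read this train-then-search procedure (the callables are placeholders standing in for training, accuracy measurement, and attack evaluation, not actual APIs):

```python
def defensive_dropout_search(train_model, test_accuracy, attack_success_rate,
                             r_train, acc_requirement,
                             candidate_rates=(0.1, 0.3, 0.5, 0.7, 0.9)):
    """Fix the model trained with r_train, then pick the largest test dropout
    rate whose test accuracy still meets the requirement; report the attack
    success rate (ASR) under the attacker's strategy at that rate."""
    model = train_model(r_train)              # train once for best accuracy
    best_r_test = 0.0                         # r_test = 0 means no defense
    for r_test in sorted(candidate_rates):
        if test_accuracy(model, r_test) >= acc_requirement:
            best_r_test = r_test              # larger rate, stronger defense
    return best_r_test, attack_success_rate(model, best_r_test)

# Toy stand-ins: accuracy falls and the attack weakens as r_test grows.
best, asr = defensive_dropout_search(
    train_model=lambda r: "model",
    test_accuracy=lambda m, r: 0.99 - 0.5 * r,
    attack_success_rate=lambda m, r: 1.0 - r,
    r_train=0.3, acc_requirement=0.80)
print(best)  # -> 0.3 (largest rate still meeting the accuracy requirement)
```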
4. Experimental Results
4.1. Setup
As in other attack and defense works, we use two datasets: MNIST and CIFAR-10. The MNIST dataset (Modified National Institute of Standards and Technology database) (Yann et al., 1998) is a collection of handwritten digits that is commonly used for training and testing various machine learning systems. It consists of 70,000 28x28 greyscale images (60,000 training images and 10,000 test images) for the digits 0 to 9. The CIFAR-10 dataset (Canadian Institute For Advanced Research) (Krizhevsky and Hinton, 2009) is a collection of 60,000 32x32 color images in 10 different classes (e.g., cars, birds, airplanes, etc.).
For the DNN models in our experiments, we use standard convolutional neural networks with 4 convolutional layers and 2 fully-connected layers. This architecture has been used as a standard model in many previous works (Carlini and Wagner, 2017; Papernot et al., 2016c). While the overall neural network architecture for the MNIST and CIFAR-10 datasets is the same, the size of the neural network model for CIFAR-10 is slightly larger than that for MNIST, since CIFAR-10 images have higher resolution. The activation function is the rectified linear unit (ReLU) for all convolutional and fully-connected layers. The architectures of the neural network models for MNIST and CIFAR-10 are summarized in Table 1. In both models we apply defensive dropout to fully-connected layer 1. After training, the models achieve the state-of-the-art 99.4% and 80% test accuracies for the MNIST dataset and the CIFAR-10 dataset, respectively.

Table 1. Neural network architectures for MNIST and CIFAR-10.

Layer              Model for MNIST             Model for CIFAR-10
Conv layer         32 filters with size (3,3)  64 filters with size (3,3)
Conv layer         32 filters with size (3,3)  64 filters with size (3,3)
Pooling layer      pool size (2,2)             pool size (2,2)
Conv layer         64 filters with size (3,3)  128 filters with size (3,3)
Conv layer         64 filters with size (3,3)  128 filters with size (3,3)
Pooling layer      pool size (2,2)             pool size (2,2)
Fully connected 1  200 units                   256 units
Fully connected 2  200 units                   256 units
Output layer       10 units                    10 units
We implement the FGSM, JSMA, and C&W attacks based on the CleverHans package (Papernot et al., 2016a). For FGSM, we use a fixed $\epsilon$ as suggested in the original paper (Goodfellow et al., 2014). For JSMA, we use the code from CleverHans directly. For C&W, we perform binary search for the constant $c$; with a selected $c$, we then run iterations of gradient descent with the Adam optimizer. We compare with other defenses, namely adversarial training (Tramèr et al., 2018), distillation as a defense (Papernot et al., 2016c), and stochastic activation pruning (SAP) (Dhillon et al., 2018); among these we implement SAP ourselves, and the defense effects of adversarial training and distillation as a defense are cited from (Carlini and Wagner, 2017).
4.2. Results
We use two metrics to evaluate the defense effects against adversarial attacks: the attack success rate (ASR) and the $L_2$ norm of the distortion. A lower attack success rate and a higher $L_2$ norm imply stronger defense effects.
Table 2. SAP against the C&W attack on CIFAR-10 under different training dropout rates.

           train 0  train 0.1  train 0.3  train 0.5  train 0.7  train 0.9
Test acc.  72.07%   75.69%     76.39%     78.12%     78.15%     68.35%
C&W ASR    54.44%   64.44%     77.78%     78.89%     85.56%     70%
L2 norm    0.504    0.522      0.618      0.498      0.679      0.784

Table 3. Attack success rate of our defensive dropout against the FGSM attack on CIFAR-10.

Dropout rate  test 0  test 0.1  test 0.3  test 0.5  test 0.7  test 0.9
train 0       32.48%  -         -         -         -         -
train 0.5     15.87%  14.46%    13.89%    -         -         -
We first compare with SAP on the defense effects against the C&W attack using the CIFAR-10 dataset. The results of SAP are summarized in Table 2, and the results of our defensive dropout are summarized in Fig. 5. In Table 2, we apply SAP to neural network models trained with different training dropout rates (in columns); the second to fourth rows report the test accuracy, attack success rate (ASR), and $L_2$ norm. If we allow the test accuracy to decrease by up to 4%, SAP can reduce the attack success rate from 100% to 77.78% with a test accuracy of 76.39%. From Fig. 5, we can observe that at a training dropout rate of 0.7 and a test dropout rate of 0.7, our defensive dropout reduces the attack success rate to 43.33% with a test accuracy of 77%, demonstrating defense effects superior to SAP. Also, the $L_2$ norm under our defensive dropout is around 1.1, much higher than that of SAP (i.e., 0.618 from Table 2). Table 3 shows the attack success rate of our defensive dropout against the FGSM attack on CIFAR-10: defensive dropout reduces the attack success rate from 32.48% to 13.89% at a test accuracy of 77.89%. In general, the attack success rate of FGSM is much lower than that of C&W, because FGSM is a fast, but not optimal, attack.
We also summarize the results on the MNIST dataset using our defensive dropout against the FGSM, JSMA, and C&W attacks in Tables 4, 5, and 6, respectively, with a 1% test accuracy drop. For FGSM, defensive dropout reduces the attack success rate from 40.67% to 16.44%. For JSMA, defensive dropout reduces the attack success rate from 91.89% to 26.78%. For C&W, defensive dropout reduces the attack success rate from 100% to 13.89%. Please note that adversarial training and distillation as a defense are totally vulnerable to the C&W attack (Carlini and Wagner, 2017).
Table 4. Attack success rate of our defensive dropout against the FGSM attack on MNIST.

Dropout rate  test 0  test 0.1  test 0.3  test 0.5  test 0.7  test 0.9
train 0.7     22.74%  21.89%    20.67%    19.56%    16.44%    -

Table 5. Attack success rate of our defensive dropout against the JSMA attack on MNIST.

Dropout rate  test 0  test 0.1  test 0.3  test 0.5  test 0.7  test 0.9
train 0.7     90.67%  60.56%    43.78%    35.67%    26.78%    -

Table 6. Attack success rate of our defensive dropout against the C&W attack on MNIST.

Dropout rate  test 0  test 0.1  test 0.3  test 0.5  test 0.7  test 0.9
train 0.3     100%    24.66%    24.00%    13.89%    -         -
5. Conclusion
In this paper, we propose defensive dropout for hardening deep neural networks under adversarial attacks. Considering the problem of building robust DNNs as an attackerdefender twoplayer game, we provide a defensive dropout algorithm that determines an optimal test dropout rate given the neural network model and the attacker’s strategy for generating adversarial examples. We also explain the mechanism behind the outstanding defense effects achieved by the proposed defensive dropout.
Acknowledgements
This work is supported by the National Science Foundation (CCF-1733701, CNS-1618379, DMS-1737897, and CNS-1840813), the Air Force Research Laboratory (FA8750-18-2-0058), and the Naval Research Laboratory. We thank researchers at the US Naval Research Laboratory for their comments on previous drafts of this paper.
References
 Athalye et al. (2018) Anish Athalye, Nicholas Carlini, and David Wagner. 2018. Obfuscated gradients give a false sense of security: Circumventing defenses to adversarial examples. arXiv preprint arXiv:1802.00420 (2018).
 Bhagoji et al. (2017) Arjun Nitin Bhagoji, Daniel Cullina, and Prateek Mittal. 2017. Dimensionality reduction as a defense against evasion attacks on machine learning classifiers. arXiv preprint arXiv:1704.02654 (2017).
 Bouthillier et al. (2015) Xavier Bouthillier, Kishore Konda, Pascal Vincent, and Roland Memisevic. 2015. Dropout as data augmentation. arXiv preprint arXiv:1506.08700 (2015).
 Carlini et al. (2016) Nicholas Carlini, Pratyush Mishra, Tavish Vaidya, Yuankai Zhang, Micah Sherr, Clay Shields, David Wagner, and Wenchao Zhou. 2016. Hidden Voice Commands.. In USENIX Security Symposium. 513–530.
 Carlini and Wagner (2017) Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In Security and Privacy (SP), 2017 IEEE Symposium on. IEEE, 39–57.
 Chen et al. (2017) Pin-Yu Chen, Yash Sharma, Huan Zhang, Jinfeng Yi, and Cho-Jui Hsieh. 2017. EAD: elastic-net attacks to deep neural networks via adversarial examples. arXiv preprint arXiv:1709.04114 (2017).
 Collobert and Weston (2008) Ronan Collobert and Jason Weston. 2008. A unified architecture for natural language processing: Deep neural networks with multitask learning. In Proceedings of the 25th international conference on Machine learning. ACM, 160–167.
 Dhillon et al. (2018) Guneet S. Dhillon, Kamyar Azizzadenesheli, Jeremy D. Bernstein, Jean Kossaifi, Aran Khanna, Zachary C. Lipton, and Animashree Anandkumar. 2018. Stochastic activation pruning for robust adversarial defense. In International Conference on Learning Representations. https://openreview.net/forum?id=H1uR4GZRZ
 Dziugaite et al. (2016) Gintare Karolina Dziugaite, Zoubin Ghahramani, and Daniel M Roy. 2016. A study of the effect of jpg compression on adversarial images. arXiv preprint arXiv:1608.00853 (2016).
 Feinman et al. (2017) Reuben Feinman, Ryan R Curtin, Saurabh Shintre, and Andrew B Gardner. 2017. Detecting adversarial samples from artifacts. arXiv preprint arXiv:1703.00410 (2017).
 Goodfellow et al. (2016) Ian Goodfellow, Yoshua Bengio, Aaron Courville, and Yoshua Bengio. 2016. Deep learning. Vol. 1. MIT press Cambridge.
 Goodfellow et al. (2014) Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).
 Guo et al. (2017) Chuan Guo, Mayank Rana, Moustapha Cissé, and Laurens van der Maaten. 2017. Countering Adversarial Images using Input Transformations. arXiv preprint arXiv:1711.00117 (2017).
 Hinton et al. (2012a) Geoffrey Hinton, Li Deng, Dong Yu, George E Dahl, Abdel-rahman Mohamed, Navdeep Jaitly, Andrew Senior, Vincent Vanhoucke, Patrick Nguyen, Tara N Sainath, et al. 2012a. Deep neural networks for acoustic modeling in speech recognition: The shared views of four research groups. IEEE Signal Processing Magazine 29, 6 (2012), 82–97.
 Hinton et al. (2012b) Geoffrey E Hinton, Nitish Srivastava, Alex Krizhevsky, Ilya Sutskever, and Ruslan R Salakhutdinov. 2012b. Improving neural networks by preventing co-adaptation of feature detectors. arXiv preprint arXiv:1207.0580 (2012).
 Karpathy and Fei-Fei (2015) Andrej Karpathy and Li Fei-Fei. 2015. Deep visual-semantic alignments for generating image descriptions. In Proceedings of the IEEE conference on computer vision and pattern recognition. 3128–3137.
 Kingma and Ba (2015) Diederik P. Kingma and Jimmy Ba. 2015. Adam: A Method for Stochastic Optimization. In ICLR 2015. arXiv:1412.6980.
 Krizhevsky and Hinton (2009) Alex Krizhevsky and Geoffrey Hinton. 2009. Learning multiple layers of features from tiny images. (2009).
 Krizhevsky et al. (2012) Alex Krizhevsky, Ilya Sutskever, and Geoffrey E Hinton. 2012. Imagenet classification with deep convolutional neural networks. In Advances in neural information processing systems. 1097–1105.
 Kurakin et al. (2016) Alexey Kurakin, Ian Goodfellow, and Samy Bengio. 2016. Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016).
 LeCun et al. (1989) Yann LeCun, Bernhard Boser, John S Denker, Donnie Henderson, Richard E Howard, Wayne Hubbard, and Lawrence D Jackel. 1989. Backpropagation applied to handwritten zip code recognition. Neural computation 1, 4 (1989), 541–551.
 LeCun et al. (1998) Yann LeCun, Léon Bottou, Yoshua Bengio, and Patrick Haffner. 1998. Gradient-based learning applied to document recognition. Proc. IEEE 86, 11 (1998), 2278–2324.
 Liu et al. (2017) Yannan Liu, Lingxiao Wei, Bo Luo, and Qiang Xu. 2017. Fault injection attack on deep neural network. In Proceedings of the 36th International Conference on ComputerAided Design. IEEE Press, 131–138.
 Livnat et al. (2010) Adi Livnat, Christos Papadimitriou, Nicholas Pippenger, and Marcus W Feldman. 2010. Sex, mixability, and modularity. Proceedings of the National Academy of Sciences 107, 4 (2010), 1452–1457.
 Nguyen et al. (2015) Anh Nguyen, Jason Yosinski, and Jeff Clune. 2015. Deep neural networks are easily fooled: High confidence predictions for unrecognizable images. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 427–436.
 Papernot et al. (2016a) Nicolas Papernot, Nicholas Carlini, Ian Goodfellow, Reuben Feinman, Fartash Faghri, Alexander Matyasko, Karen Hambardzumyan, Yi-Lin Juang, Alexey Kurakin, Ryan Sheatsley, et al. 2016a. cleverhans v2.0.0: an adversarial machine learning library. arXiv preprint arXiv:1610.00768 (2016).
 Papernot et al. (2016b) Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, Z Berkay Celik, and Ananthram Swami. 2016b. The limitations of deep learning in adversarial settings. In Security and Privacy (EuroS&P), 2016 IEEE European Symposium on. IEEE, 372–387.
 Papernot et al. (2016c) Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2016c. Distillation as a defense to adversarial perturbations against deep neural networks. In Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 582–597.
 Srivastava et al. (2014) Nitish Srivastava, Geoffrey Hinton, Alex Krizhevsky, Ilya Sutskever, and Ruslan Salakhutdinov. 2014. Dropout: A simple way to prevent neural networks from overfitting. The Journal of Machine Learning Research 15, 1 (2014), 1929–1958.
 Szegedy et al. (2013) Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013).
 Tramèr et al. (2017) Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Dan Boneh, and Patrick McDaniel. 2017. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204 (2017).
 Tramèr et al. (2018) F. Tramèr, A. Kurakin, N. Papernot, I. Goodfellow, D. Boneh, and P. McDaniel. 2018. Ensemble Adversarial Training: Attacks and Defenses. 2018 ICLR arXiv preprint arXiv:1705.07204 (2018).
 Xie et al. (2017) Cihang Xie, Jianyu Wang, Zhishuai Zhang, Zhou Ren, and Alan Yuille. 2017. Mitigating adversarial effects through randomization. arXiv preprint arXiv:1711.01991 (2017).
 Yann et al. (1998) Yann LeCun, Corinna Cortes, and Christopher J.C. Burges. 1998. The MNIST database of handwritten digits. URL http://yann.lecun.com/exdb/mnist (1998).