Hardening Deep Neural Networks via Adversarial Model Cascades
share
Deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples - malicious inputs which are crafted by the adversary to induce the trained model to produce erroneous outputs. This vulnerability has inspired a lot of research on how to secure neural networks against these kinds of attacks. Although existing techniques increase the robustness of the models against white-box attacks, they are ineffective against black-box attacks. To address the challenge of black-box adversarial attacks, we propose Adversarial Model Cascades (AMC); a framework that performs better than existing state-of-the-art defenses, in both black-box and white-box settings and is easy to integrate into existing set-ups. Our approach trains a cascade of models by injecting images crafted from an already defended proxy model, to improve the robustness of the target models against multiple adversarial attacks simultaneously, in both white-box and black-box settings. We conducted an extensive experimental study to prove the efficiency of our method against multiple attacks; comparing it to numerous defenses, both in white-box and black-box setups.
READ FULL TEXT