n-ML: Mitigating Adversarial Examples via Ensembles of Topologically Manipulated Classifiers

12/19/2019
by   Mahmood Sharif, et al.
17

This paper proposes a new defense called n-ML against adversarial examples, i.e., inputs crafted by perturbing benign inputs by small amounts to induce misclassifications by classifiers. Inspired by n-version programming, n-ML trains an ensemble of n classifiers, and inputs are classified by a vote of the classifiers in the ensemble. Unlike prior such approaches, however, the classifiers in the ensemble are trained specifically to classify adversarial examples differently, rendering it very difficult for an adversarial example to obtain enough votes to be misclassified. We show that n-ML roughly retains the benign classification accuracies of state-of-the-art models on the MNIST, CIFAR10, and GTSRB datasets, while simultaneously defending against adversarial examples with better resilience than the best defenses known to date and, in most cases, with lower classification-time overhead.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset