Neural Networks with Structural Resistance to Adversarial Attacks

by Luca de Alfaro, et al.

In adversarial attacks on machine-learning classifiers, small perturbations are added to input that is correctly classified. The perturbations yield adversarial examples, which are virtually indistinguishable from the unperturbed input, and yet are misclassified. In standard neural networks used for deep learning, attackers can craft adversarial examples from most input to cause a misclassification of their choice. We introduce a new type of network unit, called RBFI units, whose non-linear structure makes them inherently resistant to adversarial attacks. On permutation-invariant MNIST, in the absence of adversarial attacks, networks using RBFI units match the performance of networks using sigmoid units, and are slightly below the accuracy of networks with ReLU units. When subjected to adversarial attacks, networks with RBFI units retain accuracies above 90% under attacks that degrade the accuracy of networks with ReLU or sigmoid units to below 2%, and are superior in their resistance to adversarial attacks even to ReLU and sigmoid networks trained with the help of adversarial examples. The non-linear structure of RBFI units makes them difficult to train using standard gradient descent. We show that networks of RBFI units can be efficiently trained to high accuracies using pseudogradients, computed using functions especially crafted to facilitate learning instead of their true derivatives. We show that the use of pseudogradients makes training deep RBFI networks practical, and we compare several structural alternatives of RBFI networks for their accuracy.
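To make the abstract's two key ideas concrete, the following is a minimal sketch of an infinity-norm radial-basis ("RBFI") unit and a pseudogradient for it. The forward pass follows the general form described in the paper (an RBF response governed by the worst-case, i.e. max-norm, deviation from a learned center); the parameter names (`w` for the center, `u` for per-input sensitivities) and the specific pseudogradient choice here — backpropagating through a softened aggregate rather than the hard max — are illustrative assumptions, not the paper's exact formulation.

```python
import numpy as np

def rbfi_forward(x, w, u):
    """RBFI unit response: exp(-||u * (x - w)||_inf^2).

    w is the learned center and u the learned per-input sensitivity
    (names are assumptions for this sketch). Because the response is
    driven by the max-norm, no single small input perturbation can
    move the output far, which is the structural source of the
    adversarial resistance claimed in the abstract.
    """
    z = (u * (x - w)) ** 2
    return np.exp(-np.max(z))

def rbfi_pseudograd_w(x, w, u):
    """Pseudogradient of the unit output w.r.t. the center w.

    The true gradient of max flows through only the single argmax
    coordinate, which stalls learning. This sketch instead spreads
    the backward signal across all coordinates by differentiating
    as if the mean had been used (an assumed stand-in for the
    paper's hand-crafted pseudo-derivatives).
    """
    y = rbfi_forward(x, w, u)
    # d/dw of exp(-mean((u*(x-w))^2)) evaluated at the true output y
    return y * 2.0 * (u ** 2) * (x - w) / x.size
```

During training, `rbfi_pseudograd_w` would replace the true derivative inside the backward pass (e.g. a custom autograd function), while `rbfi_forward` is used unchanged for predictions.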




A New Family of Neural Networks Provably Resistant to Adversarial Attacks

Adversarial attacks add perturbations to the input features with the int...

Improving Back-Propagation by Adding an Adversarial Gradient

The back-propagation algorithm is widely used for learning in artificial...

Verifying Neural Networks with Mixed Integer Programming

Neural networks have demonstrated considerable success in a wide variety...

Adversarial Robustness is at Odds with Lazy Training

Recent works show that random neural networks are vulnerable against adv...

Inspecting adversarial examples using the Fisher information

Adversarial examples are slight perturbations that are designed to fool ...

Mitigating Adversarial Attacks in Deepfake Detection: An Exploration of Perturbation and AI Techniques

Deep learning is a crucial aspect of machine learning, but it also makes...

Utilizing a null class to restrict decision spaces and defend against neural network adversarial attacks

Despite recent progress, deep neural networks generally continue to be v...
