Random Spiking and Systematic Evaluation of Defenses Against Adversarial Examples

12/05/2018
by Huangyi Ge et al.

Image classifiers often suffer from adversarial examples: inputs perturbed with a small amount of noise that tricks the classifier into misclassification. Over the years, many defense mechanisms have been proposed, and different researchers have made seemingly contradictory claims about their effectiveness. We argue that such discrepancies are primarily due to inconsistent assumptions about the attacker's knowledge. To this end, we present an analysis of possible adversarial models and propose an evaluation framework for comparing different defense mechanisms. As part of the framework, we introduce a more powerful and realistic adversary strategy. We also propose a new defense mechanism called Random Spiking (RS), which generalizes dropout by introducing random noise into the training process in a controlled manner. With a carefully chosen placement, RS incurs a negligible negative impact on prediction accuracy. Evaluations under our proposed framework suggest that RS delivers better protection against adversarial examples than many existing schemes.
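
To make the idea of Random Spiking concrete, below is a minimal PyTorch-style sketch of one plausible reading of the abstract: during training, each unit is independently selected with some probability and, rather than being zeroed as in dropout, has its activation replaced by random noise. The class name RandomSpiking and the parameters p and noise_scale are illustrative assumptions, not the paper's actual interface; the paper's noise distribution and layer placement may differ.

import torch
import torch.nn as nn

class RandomSpiking(nn.Module):
    """Hypothetical random-spiking layer: a noisy generalization of dropout.

    This is a sketch based on the abstract, not the authors' implementation.
    """

    def __init__(self, p: float = 0.1, noise_scale: float = 1.0):
        super().__init__()
        self.p = p                      # probability that a unit "spikes"
        self.noise_scale = noise_scale  # scale of the injected random noise

    def forward(self, x: torch.Tensor) -> torch.Tensor:
        # At inference time the layer is the identity, as with dropout.
        if not self.training:
            return x
        # Select units at random and replace their activations with noise,
        # instead of zeroing them as standard dropout would.
        spike_mask = torch.rand_like(x) < self.p
        noise = torch.randn_like(x) * self.noise_scale
        return torch.where(spike_mask, noise, x)

Such a layer would slot into a model the same way nn.Dropout does, e.g. between a convolution and the following activation; as the abstract notes, where it is placed matters for keeping the accuracy cost negligible.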

Related Research

10/23/2018
Stochastic Substitute Training: A Gray-box Approach to Craft Adversarial Examples Against Gradient Obfuscation Defenses
It has been shown that adversaries can craft example inputs to neural ne...

12/04/2020
Advocating for Multiple Defense Strategies against Adversarial Examples
It has been empirically observed that defense mechanisms designed to pro...

09/13/2021
Randomized Substitution and Vote for Textual Adversarial Example Detection
A line of work has shown that natural text processing models are vulnera...

02/18/2019
AuxBlocks: Defense Adversarial Example via Auxiliary Blocks
Deep learning models are vulnerable to adversarial examples, which poses...

03/05/2018
Stochastic Activation Pruning for Robust Adversarial Defense
Neural networks are known to be vulnerable to adversarial examples. Care...

04/13/2022
AHP: Learning to Negative Sample for Hyperedge Prediction
Hypergraphs (i.e., sets of hyperedges) naturally represent group relatio...

Code Repositories

random_spiking

Random Spiking: a training method to improve the robustness of neural networks

