Voting based ensemble improves robustness of defensive models

by Devvrit, et al.

Developing robust models against adversarial perturbations has been an active area of research, and many algorithms have been proposed to train individual robust models. Taking these pretrained robust models, we aim to study whether it is possible to create an ensemble to further improve robustness. Several previous attempts tackled this problem by ensembling the soft-label predictions and have been shown to be vulnerable to the latest attack methods. In this paper, we show that if the robust training loss is diverse enough, a simple hard-label based voting ensemble can boost the robust error over each individual model. Furthermore, given a pool of robust models, we develop a principled way to select which models to ensemble. Finally, to verify the improved robustness, we conduct extensive experiments to study how to attack a voting-based ensemble and develop several new white-box attacks. On the CIFAR-10 dataset, by ensembling several state-of-the-art pre-trained defense models, our method can achieve a 59.8 defensive models without using additional data.




Ensemble of Models Trained by Key-based Transformed Images for Adversarially Robust Defense Against Black-box Attacks

We propose a voting ensemble of models trained by using block-wise trans...

PARL: Enhancing Diversity of Ensemble Networks to Resist Adversarial Attacks via Pairwise Adversarially Robust Loss Function

The security of Deep Learning classifiers is a critical field of study b...

DVERGE: Diversifying Vulnerabilities for Enhanced Robust Generation of Ensembles

Recent research finds CNN models for image classification demonstrate ov...

Evaluating object detector ensembles for improving the robustness of artifact detection in endoscopic video streams

In this contribution we use an ensemble deep-learning method for combini...

On Collective Robustness of Bagging Against Data Poisoning

Bootstrap aggregating (bagging) is an effective ensemble protocol, which...

Enhancing Certifiable Robustness via a Deep Model Ensemble

We propose an algorithm to enhance certified robustness of a deep model ...

RRMSE Voting Regressor: A weighting function based improvement to ensemble regression

This paper describes the RRMSE (Relative Root Mean Square Error) based w...