"What's in the box?!": Deflecting Adversarial Attacks by Randomly Deploying Adversarially-Disjoint Models

02/09/2021
by Sahar Abdelnabi, et al.

Machine learning models are now widely deployed in real-world applications. However, the existence of adversarial examples has long been considered a real threat to such models. While numerous defenses aiming to improve robustness have been proposed, many have been shown to be ineffective. As these vulnerabilities are still far from being eliminated, we propose an alternative deployment-based defense paradigm that goes beyond the traditional white-box and black-box threat models. Instead of training a single partially-robust model, one could train a set of same-functionality yet adversarially-disjoint models with minimal attack transferability between them. These models could then be randomly and individually deployed, such that accessing one of them minimally affects the others. Our experiments on CIFAR-10 with a wide range of attacks show that we achieve significantly lower attack transferability across our disjoint models compared to an ensemble-diversity baseline. In addition, compared to an adversarially trained set, we achieve higher average robust accuracy while maintaining accuracy on clean examples.
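The deployment paradigm described above can be illustrated with a minimal sketch. This is not the paper's implementation: the model pool here is a set of stand-in functions (a real system would train each model with a transferability-minimizing objective), and the names `make_model`, `MODEL_POOL`, and `deploy` are hypothetical. The sketch only shows the serving-side idea: each deployment instance independently receives one randomly chosen model from the pool.

```python
import random

def make_model(seed):
    """Stand-in for training one adversarially-disjoint model.

    A real implementation would train each model so that adversarial
    examples crafted against it transfer poorly to the others; here each
    'model' just tags its predictions with its seed for illustration.
    """
    def model(x):
        return ("pred", seed, x)
    return model

# Offline: train a pool of same-functionality, adversarially-disjoint models.
MODEL_POOL = [make_model(seed) for seed in range(5)]

def deploy(rng=random):
    """Randomly pick one model from the pool for a deployment instance."""
    return rng.choice(MODEL_POOL)

# Two independent deployments may receive different models, so an attack
# crafted by probing one instance need not transfer to another.
model_a = deploy()
model_b = deploy()
```

Because the attacker only ever interacts with the single randomly chosen model behind a given deployment, white-box or query access to that instance gives limited leverage against the rest of the pool, provided inter-model transferability is low.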
