Attack-less adversarial training for a robust adversarial defense

Bibliographic Details
Published in: Applied intelligence (Dordrecht, Netherlands), 2022-03, Vol.52 (4), p.4364-4381
Main Authors: Ho, Jiacang, Lee, Byung-Gook, Kang, Dae-Ki
Format: Article
Language:English
Description
Summary: Adversarial examples have recently proved efficacious in fooling deep neural networks. Many researchers have studied this issue of adversarial examples by evaluating neural networks against their attack techniques and increasing the robustness of neural networks with their defense techniques. To the best of our knowledge, adversarial training is one of the most effective defense techniques against adversarial examples. However, the method is not able to cope with new attacks because it requires attack techniques in the training phase. In this paper, we propose a novel defense technique, the Attack-Less Adversarial Training (ALAT) method, which is independent of any attack technique and is thereby useful in preventing future attacks. Specifically, ALAT regenerates every pixel of an image into a different pixel value, which commonly eliminates the majority of the adversarial noise in the adversarial example. This pixel regeneration is useful in defense because the adversarial noise is the core problem that makes neural networks produce a high misclassification rate. Our experimental results with several benchmark datasets show that our method not only relieves the over-fitting issue during the training of neural networks with a large number of epochs, but also boosts the robustness of the neural network.
ISSN:0924-669X
1573-7497
DOI:10.1007/s10489-021-02523-y