Robust Convolutional Neural Networks under Adversarial Noise

TL;DR

This paper introduces a stochastic noise-based CNN architecture that enhances robustness against adversarial perturbations, outperforming existing methods especially under strong adversarial conditions.

Contribution

A novel feedforward CNN model incorporating stochastic additive noise at multiple layers, improving adversarial robustness with minimal additional parameters.

Findings

Outperforms existing methods on CIFAR-10 and ImageNet

More effective against stronger adversarial noise

Scalable due to simple mean and variance parameterization

Abstract

Recent studies have shown that Convolutional Neural Networks (CNNs) are vulnerable to a small perturbation of input called "adversarial examples". In this work, we propose a new feedforward CNN that improves robustness in the presence of adversarial noise. Our model uses stochastic additive noise added to the input image and to the CNN models. The proposed model operates in conjunction with a CNN trained with either standard or adversarial objective function. In particular, convolution, max-pooling, and ReLU layers are modified to benefit from the noise model. Our feedforward model is parameterized by only a mean and variance per pixel which simplifies computations and makes our method scalable to a deep architecture. From CIFAR-10 and ImageNet test, the proposed model outperforms other methods and the improvement is more evident for difficult classification tasks or stronger adversarial noise.