A Unified Gradient Regularization Family for Adversarial Examples

TL;DR

This paper introduces a unified gradient regularization framework to enhance the robustness of machine learning models against adversarial examples, combining existing methods and providing new insights into their effectiveness.

Contribution

The paper proposes a novel unified framework for gradient regularization that encompasses existing approaches and offers a new perspective on defending against adversarial attacks.

Findings

Achieved the best accuracy on MNIST without data augmentation.

Attained competitive results on CIFAR-10.

Demonstrated the effectiveness of the regularization method through experiments.

Abstract

Adversarial examples are augmented data points generated by imperceptible perturbation of input samples. They have recently drawn much attention with the machine learning and data mining community. Being difficult to distinguish from real examples, such adversarial examples could change the prediction of many of the best learning models including the state-of-the-art deep learning models. Recent attempts have been made to build robust models that take into account adversarial examples. However, these methods can either lead to performance drops or lack mathematical motivations. In this paper, we propose a unified framework to build robust machine learning models against adversarial examples. More specifically, using the unified framework, we develop a family of gradient regularization methods that effectively penalize the gradient of loss function w.r.t. inputs. Our proposed framework is appealing in that it offers a unified view to deal with adversarial examples. It incorporates another recently-proposed perturbation based approach as a special case. In addition, we present some visual effects that reveals semantic meaning in those perturbations, and thus support our regularization method and provide another explanation for generalizability of adversarial examples. By applying this technique to Maxout networks, we conduct a series of experiments and achieve encouraging results on two benchmark datasets. In particular,we attain the best accuracy on MNIST data (without data augmentation) and competitive performance on CIFAR-10 data.