TL;DR
MTDeep employs a moving target defense strategy, using an ensemble of neural networks and game theory to significantly enhance robustness against adversarial attacks while preserving accuracy on legitimate images.
Contribution
This paper introduces MTDeep, a novel meta-defense framework that leverages ensemble methods and game theory to improve neural network robustness against adversarial attacks.
Findings
Reduces misclassification on adversarially perturbed images across datasets
Maintains high accuracy on legitimate images
Can be combined with existing defenses for enhanced resilience
MTDeep: Boosting the Security of Deep Neural Nets Against Adversarial Attacks with Moving Target Defense
Sailik Sengupta (1), Tathagata Chakraborti (2), Subbarao Kambhampati (1)
(1) Arizona State University, Tempe, AZ, USA; {sailiks,rao}@asu.edu
(2) IBM Research, Cambridge, MA, USA
To be presented at the Conference on Decision and Game Theory for Security, 2019
Abstract
Present attack methods can make state-of-the-art classification systems based on deep neural networks mis-classify every adversarially modified test example. The design of general defense strategies against a wide range of such attacks still remains a challenging problem. In this paper, we draw inspiration from the fields of cybersecurity and multi-agent systems and propose to leverage the concept of Moving Target Defense (MTD) in designing a meta-defense for ‘boosting’ the robustness of an ensemble of deep neural networks (DNNs) for visual classification tasks against such adversarial attacks. To classify an input image, a trained network is picked randomly from this set of networks by formulating the interaction between a Defender (who hosts the classification networks) and their (Legitimate and Malicious) users as a Bayesian Stackelberg Game (BSG). We empirically show that this approach, MTDeep, reduces misclassification on perturbed images in various datasets such as MNIST, FashionMNIST, and ImageNet while maintaining high classification accuracy on legitimate test images. We then demonstrate that our framework, being the first meta-defense technique, can be used in conjunction with any existing defense mechanism to provide more resilience against adversarial attacks that can be afforded by these defense mechanisms. Lastly, to quantify the increase in robustness of an ensemble-based classification system when we use MTDeep, we analyze the properties of a set of DNNs and introduce the concept of differential immunity that formalizes the notion of attack transferability.
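The abstract describes the core mechanism only in words: the Defender commits to a probability distribution over the trained networks, a Malicious user picks the attack that does best against that distribution, and a Legitimate user simply wants an accurate answer. The following is an added worked example (not code or data from the paper) that makes this concrete. The three classifiers, their clean accuracies and the attack-transfer matrix are constructed numbers; the payoff model (the malicious follower's payoff is the misclassification rate, the legitimate follower has a single action, and the two user types are weighted by a constructed prior) is an assumption chosen to illustrate the game, and the equilibrium is found by exhaustive search over a grid on the probability simplex rather than with the solver the paper uses.

```python
"""MTDeep-style randomised network selection as a Bayesian Stackelberg game.

Constructed illustration, not the paper's code. Three hypothetical classifiers
N0..N2 are described by a clean-accuracy vector and a transfer matrix; the
leader (Defender) commits to a mixed strategy over the classifiers, the
malicious follower best-responds, and the legitimate follower is modelled as
a user with a single action whose payoff is classification accuracy.
"""

# Constructed: accuracy of each network on unperturbed (legitimate) images.
CLEAN_ACCURACY = (0.99, 0.98, 0.985)

# Constructed: TRANSFER[i][j] is the fraction of images perturbed against
# network i that network j misclassifies. The diagonal is 1.0 to mirror the
# abstract's premise that a white-box attack breaks its own target completely;
# off-diagonal entries model partial attack transferability.
TRANSFER = (
    (1.00, 0.30, 0.20),
    (0.25, 1.00, 0.35),
    (0.20, 0.30, 1.00),
)


def _compositions(total, parts):
    """Yield every way to split `total` into `parts` non-negative integers."""
    if parts == 1:
        yield (total,)
        return
    for k in range(total + 1):
        for rest in _compositions(total - k, parts - 1):
            yield (k,) + rest


def simplex_grid(n, steps):
    """Yield every n-vector with entries in {0, 1/steps, ..., 1} summing to 1."""
    for counts in _compositions(steps, n):
        yield tuple(c / steps for c in counts)


def expected_misclassification(strategy, attack, transfer=TRANSFER):
    """Misclassification rate of `attack` when the served network is drawn from `strategy`."""
    return sum(p * transfer[attack][j] for j, p in enumerate(strategy))


def attacker_best_response(strategy, transfer=TRANSFER):
    """Malicious follower: the attack maximising expected misclassification, and that rate."""
    rates = [expected_misclassification(strategy, a, transfer) for a in range(len(transfer))]
    best = max(range(len(rates)), key=rates.__getitem__)
    return best, rates[best]


def expected_clean_accuracy(strategy, accuracy=CLEAN_ACCURACY):
    """Legitimate follower's payoff: accuracy of a network drawn from `strategy`."""
    return sum(p * acc for p, acc in zip(strategy, accuracy))


def defender_utility(strategy, p_malicious, accuracy=CLEAN_ACCURACY, transfer=TRANSFER):
    """Defender payoff: prior-weighted accuracy on legitimate and on adversarial traffic."""
    _, worst = attacker_best_response(strategy, transfer)
    return (1 - p_malicious) * expected_clean_accuracy(strategy, accuracy) + p_malicious * (1 - worst)


def solve_bsg(p_malicious, accuracy=CLEAN_ACCURACY, transfer=TRANSFER, steps=100):
    """Brute-force Stackelberg leader strategy over a grid of mixed strategies.

    Returns (strategy, utility). For this zero-sum malicious type the follower's
    tie-breaking rule does not affect the leader's value.
    """
    best_x, best_u = None, float("-inf")
    for x in simplex_grid(len(accuracy), steps):
        u = defender_utility(x, p_malicious, accuracy, transfer)
        if u > best_u + 1e-12:
            best_x, best_u = x, u
    return best_x, best_u


def pure_strategy_worst_cases(transfer=TRANSFER):
    """Worst-case misclassification when the Defender always serves one fixed network."""
    n = len(transfer)
    return [attacker_best_response(tuple(1.0 if j == i else 0.0 for j in range(n)), transfer)[1]
            for i in range(n)]


if __name__ == "__main__":
    print("single fixed network, worst case:", pure_strategy_worst_cases())
    print("uniform ensemble, worst case     :", attacker_best_response((1 / 3, 1 / 3, 1 / 3)))
    for prior in (0.0, 0.5, 1.0):
        x, u = solve_bsg(prior)
        attack, worst = attacker_best_response(x)
        print(f"P(malicious)={prior:.1f}: strategy={tuple(round(p, 2) for p in x)} "
              f"utility={u:.4f} clean_acc={expected_clean_accuracy(x):.4f} "
              f"best_attack=N{attack} adv_misclass={worst:.4f}")
```

With these constructed numbers every fixed network is misclassified on 100% of its own adversarial examples, the uniform ensemble brings the worst-case rate down to about 0.53, and the equilibrium mixed strategy to about 0.51, while clean accuracy stays within a fraction of a percent of the best single network. How much randomisation helps is governed entirely by the off-diagonal transfer rates, which is the quantity the abstract's notion of differential immunity is meant to capture; with a transfer matrix of all ones the mixed strategy would buy nothing.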
