A Learning and Masking Approach to Secure Learning
Linh Nguyen, Sky Wang, Arunesh Sinha

TL;DR
This paper introduces a new perspective on defending neural networks against adversarial attacks by framing attack generation as a learning problem and proposing masking techniques that enhance robustness against various attack types.
Contribution
It presents a novel dual approach to attack learning for defense and introduces a masking method that adds noise to logits to protect against low distortion attacks.
Findings
Effective against high perturbation attacks like FGSM
Protects against low distortion attacks such as CW
Works simultaneously with attack learning for comprehensive defense
Abstract
Deep Neural Networks (DNNs) have been shown to be vulnerable to adversarial examples, which are data points cleverly constructed to fool the classifier. Such attacks can be devastating in practice, especially as DNNs are being applied to ever more critical tasks like image recognition in autonomous driving. In this paper, we introduce a new perspective on the problem. We do so by first defining the robustness of a classifier to adversarial exploitation. Next, we show that the problem of adversarial example generation can be posed as a learning problem. We also categorize attacks in the literature into high and low perturbation attacks; well-known attacks like the fast-gradient sign method (FGSM) and our attack produce higher perturbation adversarial examples, while the more potent but computationally inefficient Carlini-Wagner (CW) attack is low perturbation. Next, we show that the dual…
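As an added illustration (not code from the paper) of why noise on the logits, the masking idea summarized above, works against a low distortion attack: an adversarial example that has only just crossed the decision boundary has a tiny logit margin, so a noisy decision flips back to the original class a large fraction of the time, while a confidently classified clean input is unaffected. It assumes zero-mean Gaussian noise and hand-constructed logit vectors; the paper's actual noise model is not given on this page.

```python
import numpy as np

def masked_logits(logits, sigma, rng):
    """Logit masking as assumed here: add zero-mean Gaussian noise
    with standard deviation sigma to every logit before the argmax."""
    return logits + rng.normal(0.0, sigma, size=logits.shape)

def predict(logits, sigma=0.0, rng=None):
    """Class decision on (optionally masked) logits."""
    if rng is None:
        rng = np.random.default_rng(0)
    return int(np.argmax(masked_logits(np.asarray(logits, float), sigma, rng)))

def flip_rate(logits, sigma, trials=1000, seed=0):
    """Fraction of masked decisions that differ from the unmasked argmax.
    A high rate means the attacker's chosen class is no longer reliable."""
    rng = np.random.default_rng(seed)
    base = int(np.argmax(logits))
    flips = sum(predict(logits, sigma, rng) != base for _ in range(trials))
    return flips / trials

# Constructed logit vectors (3 classes). The clean input is classified
# with a large margin; the "low distortion" input models a CW-style
# example pushed just across the boundary into class 1 (margin 0.1).
CLEAN_LOGITS = [8.0, 1.0, 0.5]
LOW_DISTORTION_LOGITS = [4.9, 5.0, 0.5]
SIGMA = 0.5  # assumed noise scale

if __name__ == "__main__":
    print("clean flip rate:", flip_rate(CLEAN_LOGITS, SIGMA))
    print("low distortion flip rate:", flip_rate(LOW_DISTORTION_LOGITS, SIGMA))
```

With a margin of 0.1 and noise on each logit of sigma 0.5, the difference of two masked logits has standard deviation about 0.71, so the adversarial decision flips back to the original class roughly 44% of the time; the clean input's margin of 7 is about ten standard deviations, so it essentially never flips.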
