Out-distribution training confers robustness to deep neural networks

TL;DR

This paper demonstrates that training neural networks with out-distribution data enhances their robustness by improving adversarial detection and making adversarial generation more difficult.

Contribution

It introduces a method of out-distribution training that increases neural network robustness against adversarial attacks without training on adversarial examples.

Findings

Out-distribution training improves adversarial detection capabilities.

It makes generating white-box adversaries more challenging.

The approach enhances model robustness in critical applications.

Abstract

The easiness at which adversarial instances can be generated in deep neural networks raises some fundamental questions on their functioning and concerns on their use in critical systems. In this paper, we draw a connection between over-generalization and adversaries: a possible cause of adversaries lies in models designed to make decisions all over the input space, leading to inappropriate high-confidence decisions in parts of the input space not represented in the training set. We empirically show an augmented neural network, which is not trained on any types of adversaries, can increase the robustness by detecting black-box one-step adversaries, i.e. assimilated to out-distribution samples, and making generation of white-box one-step adversaries harder.