TL;DR
Spartan Networks are a novel neural network architecture with an adversarial layer and a new activation function, designed to improve robustness against adversarial attacks without input preprocessing or adversarial training.
Contribution
The paper presents Spartan Networks, a new architecture that enhances adversarial robustness by incorporating a self-feature-squeezing layer, avoiding additional training procedures.
Findings
Higher robustness under attack compared to unprotected models
Slightly lower precision but improved security against adversarial examples
Effective on MNIST dataset
Abstract
Deep learning models are vulnerable to adversarial examples: input samples modified in order to maximize the error of the system. We introduce Spartan Networks, resistant deep neural networks that require neither input preprocessing nor adversarial training. These networks have an adversarial layer designed to discard some of the information flowing through the network, thus forcing the system to focus on the relevant parts of its input. This is done with a new activation function that discards data. The added layer trains the neural network to filter out the usually irrelevant parts of its input. Our performance evaluation shows that Spartan Networks have a slightly lower precision but a higher robustness under attack when compared to unprotected models. The results of this study of Adversarial AI as a new attack vector are based on tests conducted on the MNIST dataset.
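The page does not define the Spartan activation function, so the following is an added illustration rather than the paper's own code: it uses a hypothetical dead-zone activation (every pre-activation whose magnitude falls below a threshold is zeroed) inside one dense layer, and counts how many units change their output under a small versus a large L-infinity perturbation of a constructed 4-pixel input. The weights, the input, the threshold and the `squeeze` function are all assumptions chosen to show the general idea of an information-discarding layer, and the MNIST evaluation is not reproduced.

```python
"""Dead-zone ("squeezing") activation as an information-discarding layer.

Added illustration, not the Spartan Networks code: the page does not define
the paper's activation, so the dead-zone function below is an assumption that
shows the general idea of discarding small-magnitude signals so that small
input perturbations cannot propagate through weak units.
"""
from typing import List

Vector = List[float]
Matrix = List[List[float]]


def squeeze(x: float, threshold: float) -> float:
    """Hypothetical squeezing activation: values whose magnitude is below
    `threshold` are discarded (set to 0.0); everything else passes unchanged."""
    return x if abs(x) >= threshold else 0.0


def dense(weights: Matrix, x: Vector) -> Vector:
    """Plain fully connected layer without bias: y_i = sum_j W[i][j] * x[j]."""
    return [sum(w * v for w, v in zip(row, x)) for row in weights]


def forward(weights: Matrix, x: Vector, threshold: float) -> Vector:
    """One dense layer followed by the squeezing activation."""
    return [squeeze(h, threshold) for h in dense(weights, x)]


def linf_perturb(x: Vector, eps: float) -> Vector:
    """Constructed perturbation: shift every coordinate by +eps, i.e. a change
    bounded by eps in the L-infinity norm, the usual adversarial budget."""
    return [v + eps for v in x]


# Constructed toy weights: unit 0 reads two strong pixels, unit 1 two weak ones.
WEIGHTS: Matrix = [
    [0.5, 0.5, 0.0, 0.0],
    [0.0, 0.0, 0.1, 0.1],
]
CLEAN_INPUT: Vector = [1.0, 1.0, 0.2, 0.2]


def units_changed(eps: float, threshold: float) -> int:
    """Number of units whose activation differs between the clean input and
    the perturbed input; a discarded (zeroed) unit stays zero under small eps."""
    clean = forward(WEIGHTS, CLEAN_INPUT, threshold)
    adv = forward(WEIGHTS, linf_perturb(CLEAN_INPUT, eps), threshold)
    return sum(1 for a, c in zip(adv, clean) if abs(a - c) > 1e-12)


if __name__ == "__main__":
    # Small perturbation: with squeezing only the strong unit moves;
    # without it, the weak unit leaks the perturbation too.
    print("eps=0.05, threshold=0.3 ->", units_changed(0.05, 0.3), "unit(s) changed")
    print("eps=0.05, threshold=0.0 ->", units_changed(0.05, 0.0), "unit(s) changed")
    # Large perturbation crosses the dead zone, so squeezing no longer hides it.
    print("eps=3.00, threshold=0.3 ->", units_changed(3.0, 0.3), "unit(s) changed")
```

The last case is the caveat a practitioner should keep in mind: a dead-zone activation only suppresses perturbations that keep a unit's pre-activation below the threshold, so robustness gains of this kind are bounded by the attacker's budget and must be measured under attack, as the paper does, rather than assumed.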