Improving Adversarial Robustness of Ensembles with Diversity Training
Sanjay Kariyappa, Moinuddin K. Qureshi

TL;DR
This paper introduces Diversity Training, a method to enhance ensemble robustness against transfer-based adversarial attacks by training models with uncorrelated loss functions, leading to improved defense effectiveness.
Contribution
The paper proposes a novel Diversity Training approach that trains ensembles with uncorrelated loss gradients, significantly boosting adversarial robustness against transfer attacks.
Findings
Diversity Training improves ensemble robustness against transfer attacks.
Uncorrelated loss functions reduce attack transferability.
The method can be combined with existing defenses to produce a stronger combined defense.
Abstract
Deep Neural Networks are vulnerable to adversarial attacks even in settings where the attacker has no direct access to the model being attacked. Such attacks usually rely on the principle of transferability, whereby an attack crafted on a surrogate model tends to transfer to the target model. We show that an ensemble of models with misaligned loss gradients can provide an effective defense against transfer-based attacks. Our key insight is that an adversarial example is less likely to fool multiple models in the ensemble if their loss functions do not increase in a correlated fashion. To this end, we propose Diversity Training, a novel method to train an ensemble of models with uncorrelated loss functions. We show that our method significantly improves the adversarial robustness of ensembles and can also be combined with existing methods to create a stronger defense.
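The abstract's key insight is that a perturbation crafted on one member transfers to another only to the extent that their loss gradients point the same way. The following numpy script is an added illustration, not the paper's code: it builds two constructed two-member ensembles of logistic classifiers, one with nearly parallel weight vectors and one with orthogonal ones, measures the mean pairwise cosine similarity of their input-loss gradients (assumed here as the alignment measure the paper's training objective drives down), and then probes each ensemble with a perturbation along member 0's gradient to see how much the other member's loss rises and whether the averaged ensemble decision flips.

```python
"""Toy illustration of why gradient-misaligned ensemble members resist a
transferred perturbation.  Added example, not the paper's code: the
ensembles, weights and input are constructed, and cosine similarity of
input-loss gradients is assumed as the alignment measure."""
import numpy as np


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def loss_and_grad(w, b, x, y):
    """Binary cross-entropy of one logistic member and its gradient w.r.t. x."""
    p = sigmoid(w @ x + b)
    loss = -(y * np.log(p) + (1 - y) * np.log(1 - p))
    grad_x = (p - y) * w  # d loss / d x for a logistic unit
    return loss, grad_x


def gradient_alignment(members, x, y):
    """Mean pairwise cosine similarity of the members' input-loss gradients.
    1.0 means fully aligned; Diversity Training pushes this value down."""
    grads = [loss_and_grad(w, b, x, y)[1] for w, b in members]
    sims = []
    for i in range(len(grads)):
        for j in range(i + 1, len(grads)):
            gi, gj = grads[i], grads[j]
            sims.append(float(gi @ gj / (np.linalg.norm(gi) * np.linalg.norm(gj))))
    return float(np.mean(sims))


def transfer_probe(members, x, y, eps):
    """Perturb x along the sign of member 0's loss gradient (the surrogate
    direction) and report how much every member's loss increases."""
    _, g0 = loss_and_grad(*members[0], x, y)
    x_adv = x + eps * np.sign(g0)
    increases = []
    for w, b in members:
        clean, _ = loss_and_grad(w, b, x, y)
        adv, _ = loss_and_grad(w, b, x_adv, y)
        increases.append(float(adv - clean))
    return x_adv, increases


def ensemble_predict(members, x):
    """Average the members' class-1 probabilities and threshold at 0.5."""
    p = np.mean([sigmoid(w @ x + b) for w, b in members])
    return int(p >= 0.5)


# Constructed members as (weight vector, bias).  Both ensembles share member 0
# and differ only in how member 1's weight vector aligns with it.
ALIGNED = [(np.array([1.0, 0.0]), -1.0), (np.array([0.96, 0.28]), -1.0)]
DIVERSE = [(np.array([1.0, 0.0]), -1.0), (np.array([0.0, 1.0]), -1.0)]
X0 = np.array([0.0, 0.0])  # constructed clean input with true label 0
Y0 = 0
EPS = 1.5


def compare(eps=EPS):
    """Alignment, per-member loss increase under the probe, and whether the
    averaged ensemble decision flips, for both constructed ensembles."""
    out = {}
    for name, members in (("aligned", ALIGNED), ("diverse", DIVERSE)):
        x_adv, inc = transfer_probe(members, X0, Y0, eps)
        out[name] = {
            "alignment": gradient_alignment(members, X0, Y0),
            "loss_increase": inc,
            "ensemble_fooled": ensemble_predict(members, x_adv) != Y0,
        }
    return out


if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With these constructed weights the aligned pair has alignment 0.96 and the orthogonal pair 0.0; the probe raises the second aligned member's loss by roughly 0.62 and flips the averaged decision, while the orthogonal member's loss is unchanged and the diverse ensemble still answers correctly. Real Diversity Training replaces the hand-picked orthogonal weights with a penalty on this alignment during training, and the same alignment and transfer measurements serve as a defender's diagnostic of how much an ensemble actually gains from it.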
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Malware Detection Techniques
