L 1-norm double backpropagation adversarial defense
Isma\"ila Seck (LIMOS, LITIS), Ga\"elle Loosli (LIMOS), Stephane Canu, (LITIS)
TL;DR
This paper introduces a new adversarial defense method for deep neural networks by adding a penalization term to reduce local sensitivity, showing promising results especially when combined with adversarial training.
Contribution
It proposes a theoretically motivated L1-norm double backpropagation approach to enhance adversarial robustness of neural networks.
Findings
Behavior aligns with theoretical expectations when used alone.
Combining with adversarial training yields promising results.
Method effectively reduces local sensitivity to adversarial attacks.
Abstract
Adversarial examples are a challenging open problem for deep neural networks. We propose in this paper to add a penalization term that forces the decision function to be at in some regions of the input space, such that it becomes, at least locally, less sensitive to attacks. Our proposition is theoretically motivated and shows on a first set of carefully conducted experiments that it behaves as expected when used alone, and seems promising when coupled with adversarial training.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · High-Velocity Impact and Material Behavior · Physical Unclonable Functions (PUFs) and Hardware Security