# Robustification of deep net classifiers by key based diversified aggregation with pre-filtering

**Authors:** Olga Taran, Shideh Rezaeifar, Taras Holotyak, Slava Voloshynovskiy

arXiv: 1905.05454 · 2019-05-15

## TL;DR

This paper introduces Key based Diversified Aggregation (KDA), a defense in which each of several channels randomizes its input with a secret key and the channels' soft outputs are aggregated. Because the attacker does not hold the key, gradients cannot be back-propagated through the randomization and no substitute "bypass" model can be built for it.

## Contribution

The paper proposes KDA and evaluates it under an explicit threat model: the attacker knows the classifier architecture and the defense and has the training data, but does not know the secret key. Robustness comes from key-based randomization applied independently in several channels, with the channels' soft outputs aggregated to stabilize the randomized decision.

## Key findings

- KDA substantially increases robustness against the strongest gradient-based attacks evaluated, including the Carlini-Wagner attack.
- KDA also defends against non-gradient sparse perturbations such as the OnePixel attack.
- The same defense holds across these different attack families, which the authors present as evidence of its universality.

## Abstract

In this paper, we address a problem of machine learning system vulnerability to adversarial attacks. We propose and investigate a Key based Diversified Aggregation (KDA) mechanism as a defense strategy. The KDA assumes that the attacker (i) knows the architecture of the classifier and the used defense strategy, (ii) has access to the training data set but (iii) does not know the secret key. The robustness of the system is achieved by a specially designed key based randomization. The proposed randomization prevents the gradients' back propagation or the creation of a "bypass" system. The randomization is performed simultaneously in several channels and a multi-channel aggregation stabilizes the results of randomization by aggregating soft outputs from each classifier in the multi-channel system. The performed experimental evaluation demonstrates high robustness and universality of the KDA against the most efficient gradient based attacks like those proposed by N. Carlini and D. Wagner and the non-gradient based sparse adversarial perturbations like OnePixel attacks.
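As an added illustration (not code from the paper or its authors), the following Python sketch reproduces the structure the abstract describes: several channels, each applying a randomization derived from a secret key, one classifier per channel, and averaging of the channels' soft outputs. The paper's actual randomization and network are not given on this page, so two assumptions stand in for them: the per-channel randomization is a key-based pre-filter that keeps a subset of input coordinates selected by HMAC-SHA256 over the key, and the classifier is a nearest-centroid model on a constructed two-class toy dataset. The attacker of the abstract's threat model (architecture, defense and training data known, key unknown) is modelled by building the same system with a guessed key and overwriting one coordinate per surrogate channel, a sparse OnePixel-style perturbation; the same perturbation built with the true key is the control.

```python
import hashlib
import hmac
import math
import random

# Constructed toy problem (not the paper's data): 1024-dim vectors, class 0 near
# 0.3 on every coordinate, class 1 near 0.7, with small uniform noise.
DIM = 1024
CHANNELS = 5
SUBSET = 8           # coordinates kept by each channel's key-based pre-filter
TAU = 0.1            # softmax temperature for the per-channel soft outputs
ATTACK_VALUE = 10.0  # value written into each perturbed coordinate


def make_dataset(n_per_class, seed):
    rng = random.Random(seed)
    data = []
    for label, center in ((0, 0.3), (1, 0.7)):
        for _ in range(n_per_class):
            data.append(([center + rng.uniform(-0.05, 0.05) for _ in range(DIM)], label))
    return data


def channel_subset(key, channel):
    """Key-based pre-filter (assumed form): keep the SUBSET indices with the lowest
    HMAC-SHA256(key, "channel:index") score; unpredictable without the key."""
    def score(i):
        return hmac.new(key, f"{channel}:{i}".encode(), hashlib.sha256).digest()
    return sorted(range(DIM), key=score)[:SUBSET]


def train_kda(key, train):
    """One nearest-centroid classifier per channel, fitted on that channel's subset."""
    model = []
    for c in range(CHANNELS):
        idx = channel_subset(key, c)
        centroids = {}
        for label in (0, 1):
            rows = [x for x, y in train if y == label]
            centroids[label] = [sum(x[i] for x in rows) / len(rows) for i in idx]
        model.append((idx, centroids))
    return model


def channel_soft_output(idx, centroids, x):
    """Soft output of one channel: softmax over negative squared distances / TAU."""
    logits = {}
    for label, cen in centroids.items():
        d2 = sum((x[i] - cen[j]) ** 2 for j, i in enumerate(idx))
        logits[label] = -d2 / TAU
    m = max(logits.values())
    z = sum(math.exp(v - m) for v in logits.values())
    return {label: math.exp(v - m) / z for label, v in logits.items()}


def kda_predict(model, x):
    """Multi-channel aggregation: average the soft outputs, then take the argmax."""
    agg = {0: 0.0, 1: 0.0}
    for idx, centroids in model:
        for label, p in channel_soft_output(idx, centroids, x).items():
            agg[label] += p / len(model)
    return max(agg, key=agg.get), agg


def sparse_attack(attacker_key, x):
    """Sparse (OnePixel-style) attack by an adversary who knows the design and the
    data but must guess the key: overwrite one coordinate per subset of *their* key."""
    adv = list(x)
    touched = []
    for c in range(CHANNELS):
        i = channel_subset(attacker_key, c)[0]
        adv[i] = ATTACK_VALUE
        touched.append(i)
    return adv, touched


def channels_hit(model, touched):
    """Number of defender channels whose subset contains a perturbed coordinate."""
    return sum(1 for idx, _ in model if set(idx) & set(touched))


def run_demo():
    train = make_dataset(20, seed=1)
    test = make_dataset(10, seed=2)
    true_key = b"defender-secret-key"    # assumption: secret held by the defender
    wrong_key = b"attacker-guessed-key"  # the attacker's guess; all else is public
    model = train_kda(true_key, train)
    clean_acc = sum(kda_predict(model, x)[0] == y for x, y in test) / len(test)
    x0 = test[0][0]  # a clean class-0 sample
    adv_known, t_known = sparse_attack(true_key, x0)
    adv_guess, t_guess = sparse_attack(wrong_key, x0)
    return {
        "clean_accuracy": clean_acc,
        "known_key_hits": channels_hit(model, t_known),
        "known_key_label": kda_predict(model, adv_known)[0],
        "guessed_key_hits": channels_hit(model, t_guess),
        "guessed_key_label": kda_predict(model, adv_guess)[0],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

With the true key every channel keeps one perturbed coordinate and the averaged soft output flips to class 1; with a guessed key the perturbation only reaches channels whose key-selected subsets happen to intersect the attacker's coordinates, and because the per-channel outputs are near-binary the aggregate flips only when a majority of channels are hit. The whole argument rests on the key being unguessable: the HMAC derivation gives the attacker no better strategy than guessing, whereas seeding a PRNG from a low-entropy key would hand the subsets back to anyone who can enumerate the keyspace.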

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1905.05454/full.md

## Figures

8 figures with captions in the complete paper: https://tomesphere.com/paper/1905.05454/full.md

## References

14 references — full list in the complete paper: https://tomesphere.com/paper/1905.05454/full.md

---
Source: https://tomesphere.com/paper/1905.05454