Evolving Robust Neural Architectures to Defend from Adversarial Attacks
Shashank Kotyan, Danilo Vasconcellos Vargas

TL;DR
This paper introduces a novel neural architecture search method that automatically evolves robust neural networks resistant to adversarial attacks, achieving robustness comparable to state-of-the-art defenses without adversarial training.
Contribution
It proposes an enhanced neural architecture search space and method that discovers inherently robust neural architectures against adversarial attacks.
Findings
Evolved architectures show robustness rivaling adversarial training.
Enhanced search space includes dense, convolution, and concatenation layers.
Robust architectures are found using only non-adversarial training data.
Abstract
Neural networks are prone to misclassify slightly modified input images. Recently, many defences have been proposed, but none have improved the robustness of neural networks consistently. Here, we propose to use adversarial attacks as a function evaluation to search for neural architectures that can resist such attacks automatically. Experiments on neural architecture search algorithms from the literature show that although accurate, they are not able to find robust architectures. A significant reason for this lies in their limited search space. By creating a novel neural architecture search with options for dense layers to connect with convolution layers and vice-versa as well as the addition of concatenation layers in the search, we were able to evolve an architecture that is inherently accurate on adversarial samples. Interestingly, this inherent robustness of the evolved…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Anomaly Detection Techniques and Applications
Methods: Sigmoid Activation · Tanh Activation · Softmax · Long Short-Term Memory · Convolution
