Feedback Learning for Improving the Robustness of Neural Networks

TL;DR

This paper introduces a feedback learning approach that enhances neural network robustness against various evasion attacks by analyzing decision space and adjusting training data proportions, leading to improved accuracy and fairness.

Contribution

The paper proposes a novel feedback learning method that improves neural network robustness and addresses inter-class inequality in adversarial defense.

Findings

Significant improvement in model accuracy and robustness against evasion attacks.

Effective mitigation of inter-class inequality through data proportion adjustments.

Feedback learning enhances understanding of model decision processes.

Abstract

Recent research studies revealed that neural networks are vulnerable to adversarial attacks. State-of-the-art defensive techniques add various adversarial examples in training to improve models' adversarial robustness. However, these methods are not universal and can't defend unknown or non-adversarial evasion attacks. In this paper, we analyze the model robustness in the decision space. A feedback learning method is then proposed, to understand how well a model learns and to facilitate the retraining process of remedying the defects. The evaluations according to a set of distance-based criteria show that our method can significantly improve models' accuracy and robustness against different types of evasion attacks. Moreover, we observe the existence of inter-class inequality and propose to compensate it by changing the proportions of examples generated in different classes.