MadNet: Using a MAD Optimization for Defending Against Adversarial Attacks
Shai Rozenberg, Gal Elidan, Ran El-Yaniv

TL;DR
MadNet employs a maximal adversarial distortion optimization to enhance deep neural networks' robustness against adversarial attacks by increasing class separability and reducing sensitivity to small perturbations.
Contribution
The paper introduces MAD optimization, a scalable and effective method for defending deep networks from adversarial attacks, resulting in the MadNet architecture.
Findings
MadNet improves adversarial robustness over existing methods
MAD optimization increases class cluster separability
MadNet maintains or improves original accuracy
Abstract
This paper is concerned with the defense of deep models against adversarial attacks. Inspired by the certificate defense approach, we propose a maximal adversarial distortion (MAD) optimization method for robustifying deep networks. MAD captures the idea of increasing separability of class clusters in the embedding space while decreasing the network sensitivity to small distortions. Given a deep neural network (DNN) for a classification problem, an application of MAD optimization results in MadNet, a version of the original network, now equipped with an adversarial defense mechanism. MAD optimization is intuitive, effective and scalable, and the resulting MadNet can improve the original accuracy. We present an extensive empirical study demonstrating that MadNet improves adversarial robustness performance compared to state-of-the-art methods.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Physical Unclonable Functions (PUFs) and Hardware Security
