Deep Minimax Probability Machine

TL;DR

The paper introduces DeepMPM, a deep neural network approach that minimizes worst-case misclassification probabilities to improve robustness against adversarial attacks, achieving comparable accuracy to CNNs but with enhanced security.

Contribution

It proposes DeepMPM, integrating Minimax Probability Machine with deep learning to explicitly optimize for worst-case misclassification bounds in an end-to-end manner.

Findings

DeepMPM achieves similar accuracy to CNNs on real datasets.

DeepMPM demonstrates increased robustness against adversarial attacks.

The method effectively minimizes upper bounds of misclassification probabilities.

Abstract

Deep neural networks enjoy a powerful representation and have proven effective in a number of applications. However, recent advances show that deep neural networks are vulnerable to adversarial attacks incurred by the so-called adversarial examples. Although the adversarial example is only slightly different from the input sample, the neural network classifies it as the wrong class. In order to alleviate this problem, we propose the Deep Minimax Probability Machine (DeepMPM), which applies MPM to deep neural networks in an end-to-end fashion. In a worst-case scenario, MPM tries to minimize an upper bound of misclassification probabilities, considering the global information (i.e., mean and covariance information of each class). DeepMPM can be more robust since it learns the worst-case bound on the probability of misclassification of future data. Experiments on two real-world datasets can achieve comparable classification performance with CNN, while can be more robust on adversarial attacks.