Block Switching: A Stochastic Approach for Deep Learning Security

TL;DR

This paper proposes Block Switching, a stochastic defense method for deep learning models that enhances robustness against adversarial attacks by randomly switching model blocks during inference.

Contribution

Introduction of Block Switching, a novel stochastic defense technique that improves adversarial robustness while maintaining accuracy and compatibility with other defenses.

Findings

BS improves robustness against adversarial attacks.

BS causes less accuracy drop compared to other defenses.

BS is attack-independent and can be combined with other methods.

Abstract

Recent study of adversarial attacks has revealed the vulnerability of modern deep learning models. That is, subtly crafted perturbations of the input can make a trained network with high accuracy produce arbitrary incorrect predictions, while maintain imperceptible to human vision system. In this paper, we introduce Block Switching (BS), a defense strategy against adversarial attacks based on stochasticity. BS replaces a block of model layers with multiple parallel channels, and the active channel is randomly assigned in the run time hence unpredictable to the adversary. We show empirically that BS leads to a more dispersed input gradient distribution and superior defense effectiveness compared with other stochastic defenses such as stochastic activation pruning (SAP). Compared to other defenses, BS is also characterized by the following features: (i) BS causes less test accuracy drop; (ii) BS is attack-independent and (iii) BS is compatible with other defenses and can be used jointly with others.