Colored Noise Injection for Training Adversarially Robust Neural Networks
Evgenii Zheltonozhskii, Chaim Baskin, Yaniv Nemcovsky, Brian Chmiel, Avi Mendelson, Alex M. Bronstein

TL;DR
This paper introduces colored noise injection during adversarial training to enhance neural network robustness, outperforming previous white noise methods against various attacks on CIFAR datasets.
Contribution
It extends white Gaussian noise injection to colored noise, demonstrating improved adversarial robustness and providing extensive ablation analysis for optimal configurations.
Findings
Outperforms previous noise injection methods in adversarial accuracy
Effective against both white-box and black-box attacks
Validated on CIFAR-10 and CIFAR-100 datasets
Abstract
Even though deep learning has shown unmatched performance on various tasks, neural networks have been shown to be vulnerable to small adversarial perturbations of the input that lead to significant performance degradation. In this work we extend the idea of adding white Gaussian noise to the network weights and activations during adversarial training (PNI) to the injection of colored noise for defense against common white-box and black-box attacks. We show that our approach outperforms PNI and various previous approaches in terms of adversarial accuracy on CIFAR-10 and CIFAR-100 datasets. In addition, we provide an extensive ablation study of the proposed method justifying the chosen configurations.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
