Exploring the role of Input and Output Layers of a Deep Neural Network in Adversarial Defense
Jay N. Paranjape, Rahul Kumar Dubey, Vijendran V Gopalan

TL;DR
This paper investigates how modifications to the input and output layers of deep neural networks can enhance their robustness against non-gradient based adversarial attacks, offering new insights into defensive strategies.
Contribution
It introduces a novel analysis of input and output layer manipulations in fully connected networks for improved adversarial defense.
Findings
Certain layer modifications increase robustness against non-gradient adversarial attacks
Layer adjustments can be used to fine-tune models for better security
Empirical evidence shows improved resistance due to layer characteristics
Abstract
Deep neural networks are learning models that have achieved state-of-the-art performance in many fields like prediction, computer vision, language processing and so on. However, it has been shown that certain inputs exist which would not trick a human normally, but may mislead the model completely. These inputs are known as adversarial inputs. These inputs pose a high security threat when such models are used in real-world applications. In this work, we have analyzed the resistance of three different classes of fully connected dense networks against the rarely tested non-gradient based adversarial attacks. These classes are created by manipulating the input and output layers. We have proven empirically that, owing to certain characteristics of the network, they provide high robustness against these attacks, and can be used in fine-tuning other models to increase defense against…
