Diverse Knowledge Distillation (DKD): A Solution for Improving The Robustness of Ensemble Models Against Adversarial Attacks

TL;DR

This paper introduces Diverse Knowledge Distillation (DKD), an ensemble learning approach that enhances robustness against adversarial attacks by training members in distinct latent spaces with a novel loss regulation.

Contribution

The paper presents a new ensemble training method using reverse knowledge distillation to improve adversarial robustness and diversity among models.

Findings

Improved robustness against adversarial attacks on CIFAR10 and MNIST.

Enhanced ensemble performance compared to existing defenses.

Effective in creating diverse feature representations among ensemble members.

Abstract

This paper proposes an ensemble learning model that is resistant to adversarial attacks. To build resilience, we introduced a training process where each member learns a radically distinct latent space. Member models are added one at a time to the ensemble. Simultaneously, the loss function is regulated by a reverse knowledge distillation, forcing the new member to learn different features and map to a latent space safely distanced from those of existing members. We assessed the security and performance of the proposed solution on image classification tasks using CIFAR10 and MNIST datasets and showed security and performance improvement compared to the state of the art defense methods.