Incorporating Hidden Layer representation into Adversarial Attacks and Defences
Haojing Shen, Sihong Chen, Ran Wang, Xizhao Wang

TL;DR
This paper proposes a defence that improves neural-network robustness to adversarial attacks by compressing or filtering hidden-layer representations. The defence is framed as an activation function that can be dropped into any network, is proved effective under certain conditions, and is evaluated experimentally without adversarial training.
Contribution
It proposes a defence strategy, applicable as an activation function to any neural network, that improves robustness without adversarial training, and introduces three attack types that likewise operate on hidden layer representations.
Findings
Significantly improves the adversarial robustness of deep neural networks in the reported experiments
Reports state-of-the-art robustness without adopting adversarial training
Proves the effectiveness of the defence strategy theoretically, under certain conditions
Abstract
In this paper, we propose a defence strategy to improve adversarial robustness by incorporating hidden layer representation. The key idea of this defence strategy is to compress or filter input information, including adversarial perturbation, and the strategy can be regarded as an activation function that can be applied to any kind of neural network. We also prove theoretically the effectiveness of this defence strategy under certain conditions. In addition, by incorporating hidden layer representation we propose three types of adversarial attacks, which generate three types of adversarial examples respectively. The experiments show that our defence method can significantly improve the adversarial robustness of deep neural networks and achieves state-of-the-art performance even though we do not adopt adversarial training.
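The abstract describes the defence only at the level of "compress or filter the hidden representation, packaged as an activation function", and the attacks only as "incorporating hidden layer representation". The following is an added toy example, not the paper's code and not the paper's actual activation or attacks: it uses a constructed 2-input, 3-unit ReLU layer, a hypothetical quantizing activation as a stand-in for an unspecified compress/filter function, and a generic one-step sign-gradient (FGSM-style) attack on a feature-space loss. It shows the two things a practitioner should check before trusting such a defence: a sub-bin perturbation is removed entirely by the filter, while a perturbation that crosses a bin boundary is amplified rather than suppressed, which is why the effectiveness claim is conditional.

```python
"""Added toy example: a filter-style activation on a hidden layer, how much an
input perturbation propagates through it with and without the filter, and a
generic feature-space FGSM step. None of the weights, the quantizer or the
attack are taken from the paper; they are constructed for illustration."""
import numpy as np

# Constructed 2-input, 3-unit hidden layer (weights made up for the demo).
W = np.array([[1.0, 0.0],
              [0.0, 1.0],
              [1.0, 1.0]])
b = np.zeros(3)


def relu(z):
    return np.maximum(z, 0.0)


def quantize(h, step=0.5):
    """Hypothetical compressive activation: snap every hidden unit to the
    nearest multiple of `step`. Changes smaller than half a step vanish;
    changes that cross a bin boundary are rounded up to a whole step."""
    return np.round(h / step) * step


def hidden(x, filt=None):
    """Hidden representation h(x) = relu(W x + b), optionally followed by a
    filter activation `filt` (the 'activation function' view of the defence)."""
    h = relu(W @ x + b)
    return filt(h) if filt is not None else h


def propagated_change(x, delta, filt=None):
    """L1 distance between the hidden representations of x and x + delta."""
    return float(np.abs(hidden(x + delta, filt) - hidden(x, filt)).sum())


def fgsm_toward_hidden_target(x, h_target, eps):
    """One sign-gradient step that decreases the feature-space loss
    L = 1/2 * ||h(x) - h_target||^2 through the ReLU units. The quantizer has
    zero gradient almost everywhere, so the attack is computed on the
    unfiltered h. Generic FGSM variant for the example, not a paper attack."""
    z = W @ x + b
    mask = (z > 0).astype(float)                 # ReLU derivative
    grad = W.T @ (mask * (relu(z) - h_target))   # dL/dx
    return x - eps * np.sign(grad)


# Constructed clean input and a constructed target hidden representation.
x = np.array([1.0, 0.5])
h_t = np.array([0.0, 0.5, 1.5])


def demo():
    small = np.array([0.1, -0.1])    # stays inside the current 0.5-wide bins
    crossing = np.array([0.3, 0.0])  # pushes units 0 and 2 across a bin edge
    res = {
        "raw_small": propagated_change(x, small),
        "filtered_small": propagated_change(x, small, quantize),
        "raw_crossing": propagated_change(x, crossing),
        "filtered_crossing": propagated_change(x, crossing, quantize),
    }
    x_adv = fgsm_toward_hidden_target(x, h_t, eps=0.3)
    res["dist_before"] = float(np.linalg.norm(hidden(x) - h_t))
    res["dist_after"] = float(np.linalg.norm(hidden(x_adv) - h_t))
    return res


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:.4f}")
```

Run stand-alone, `demo()` shows the small perturbation propagating 0.2 in L1 through the raw layer and 0.0 through the quantized one, while the boundary-crossing perturbation propagates 0.6 raw but 1.0 quantized. The FGSM step moves the hidden representation from distance 1.0 to about 0.76 from the target, which is the kind of feature-space attack a hidden-layer defence has to be evaluated against.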
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications
