A Deep Marginal-Contrastive Defense against Adversarial Attacks on 1D Models

TL;DR

This paper introduces a novel marginal contrastive loss function to enhance the robustness of deep convolutional networks, particularly Char-CNN, against adversarial attacks on both continuous and discrete datasets.

Contribution

The paper proposes a new marginal contrastive loss function that improves robustness of deep models against adversarial attacks, addressing vulnerabilities in non-continuous deep models.

Findings

The proposed loss improves Char-CNN performance on multiple datasets.

Regularization with the new loss enhances model robustness.

Experiments confirm effectiveness on both continuous and discrete data.

Abstract

Deep learning algorithms have been recently targeted by attackers due to their vulnerability. Several research studies have been conducted to address this issue and build more robust deep learning models. Non-continuous deep models are still not robust against adversarial, where most of the recent studies have focused on developing attack techniques to evade the learning process of the models. One of the main reasons behind the vulnerability of such models is that a learning classifier is unable to slightly predict perturbed samples. To address this issue, we propose a novel objective/loss function, the so-called marginal contrastive, which enforces the features to lie under a specified margin to facilitate their prediction using deep convolutional networks (i.e., Char-CNN). Extensive experiments have been conducted on continuous cases (e.g., UNSW NB15 dataset) and discrete ones (i.e, eight-large-scale datasets [32]) to prove the effectiveness of the proposed method. The results revealed that the regularization of the learning process based on the proposed loss function can improve the performance of Char-CNN.