Sparse Coding Frontend for Robust Neural Networks
Can Bakiskan, Metehan Cekic, Ahmet Dundar Sezer, Upamanyu Madhow

TL;DR
This paper proposes a novel sparse coding frontend that enhances neural network robustness against various adversarial attacks by attenuating perturbations before classification, trained solely on clean images.
Contribution
Introduction of a sparse coding based frontend as a new defense mechanism against adversarial attacks, differing from traditional adversarial training methods.
Findings
Effective against multiple attack types (Linf, L2, L1)
Significantly reduces adversarial perturbations
Demonstrates robustness on the CIFAR-10 dataset
Abstract
Deep Neural Networks are known to be vulnerable to small, adversarially crafted, perturbations. The current most effective defense methods against these adversarial attacks are variants of adversarial training. In this paper, we introduce a radically different defense trained only on clean images: a sparse coding based frontend which significantly attenuates adversarial attacks before they reach the classifier. We evaluate our defense on CIFAR-10 dataset under a wide range of attack types (including Linf, L2, and L1 bounded attacks), demonstrating its promise as a general-purpose approach for defense.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
