Enhancing Robustness of Neural Networks through Fourier Stabilization

TL;DR

This paper introduces Fourier stabilization, a novel method to enhance neural network robustness against evasion attacks by replacing neuron weights with Fourier-based analogs, improving security in detection tasks.

Contribution

The paper presents a new Fourier stabilization technique for neural networks, including methods for neuron selection and formal robustness bounds, demonstrating improved security against evasion attacks.

Findings

Fourier stabilization increases neural network robustness in malware detection.

The approach effectively combines with adversarial training.

Experimental results show significant robustness improvements.

Abstract

Despite the considerable success of neural networks in security settings such as malware detection, such models have proved vulnerable to evasion attacks, in which attackers make slight changes to inputs (e.g., malware) to bypass detection. We propose a novel approach, \emph{Fourier stabilization}, for designing evasion-robust neural networks with binary inputs. This approach, which is complementary to other forms of defense, replaces the weights of individual neurons with robust analogs derived using Fourier analytic tools. The choice of which neurons to stabilize in a neural network is then a combinatorial optimization problem, and we propose several methods for approximately solving it. We provide a formal bound on the per-neuron drop in accuracy due to Fourier stabilization, and experimentally demonstrate the effectiveness of the proposed approach in boosting robustness of neural networks in several detection settings. Moreover, we show that our approach effectively composes with adversarial training.