ATRAS: Adversarially Trained Robust Architecture Search
Yigit Alparslan, Edward Kim

TL;DR
This paper investigates how the completeness of neural network architectures affects adversarial robustness by training and evaluating various models on CIFAR-10 and MNIST using adversarial training and FGSM attacks.
Contribution
It introduces ATRAS, a method for analyzing the impact of architecture completeness on adversarial robustness through systematic experiments.
Findings
Architecture completeness significantly influences adversarial robustness.
Deeper and more complete architectures tend to be more robust.
Adversarial training improves accuracy against attacks across architectures.
Abstract
In this paper, we explore the effect of architecture completeness on adversarial robustness. We train models with different architectures on the CIFAR-10 and MNIST datasets. For each model, we vary the number of layers and the number of nodes in each layer. For every architecture candidate, we use the Fast Gradient Sign Method (FGSM) to generate untargeted adversarial attacks and use adversarial training to defend against those attacks. For each architecture candidate, we report pre-attack, post-attack and post-defense accuracy for the model as well as the architecture parameters and the impact of completeness on the model accuracies.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Machine Learning in Materials Science
