Game Theory for Adversarial Attacks and Defenses
Shorya Sharma

TL;DR
This paper explores the use of game theory to develop defense strategies against adversarial attacks on neural networks, employing randomization and denoising techniques to enhance robustness.
Contribution
It introduces a game-theoretic framework for adversarial defense, utilizing randomization and super resolution to improve neural network robustness against attacks.
Findings
Randomization methods increase model diversity and robustness.
Super resolution preprocessing enhances attack resistance.
Game-theoretic approaches effectively defend neural networks.
Abstract
Adversarial attacks generate adversarial inputs by applying small but intentionally worst-case perturbations to samples from the dataset, which leads even state-of-the-art deep neural networks to output incorrect answers with high confidence. Hence, adversarial defense techniques have been developed to improve the security and robustness of the models and prevent them from being attacked. Gradually, a game-like competition between attackers and defenders has formed, in which both players attempt to play their best strategies against each other while maximizing their own payoffs. To solve the game, each player chooses an optimal strategy against the opponent based on a prediction of the opponent's strategy choice. In this work, we are on the defensive side and apply game-theoretic approaches to defending against attacks. We use two randomization methods, random initialization and…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research
