Stochastic Local Winner-Takes-All Networks Enable Profound Adversarial Robustness

TL;DR

This paper introduces stochastic local winner-takes-all (LWTA) networks that replace ReLU nonlinearities with stochastic competition, achieving state-of-the-art adversarial robustness while maintaining high accuracy on benign data.

Contribution

It proposes a novel LWTA-based architecture trained with Variational Bayesian methods, enhancing adversarial robustness in both white-box and black-box settings.

Findings

Achieves state-of-the-art robustness against adversarial attacks.

Maintains high classification accuracy on benign data.

Demonstrates effectiveness in adversarial training scenarios.

Abstract

This work explores the potency of stochastic competition-based activations, namely Stochastic Local Winner-Takes-All (LWTA), against powerful (gradient-based) white-box and black-box adversarial attacks; we especially focus on Adversarial Training settings. In our work, we replace the conventional ReLU-based nonlinearities with blocks comprising locally and stochastically competing linear units. The output of each network layer now yields a sparse output, depending on the outcome of winner sampling in each block. We rely on the Variational Bayesian framework for training and inference; we incorporate conventional PGD-based adversarial training arguments to increase the overall adversarial robustness. As we experimentally show, the arising networks yield state-of-the-art robustness against powerful adversarial attacks while retaining very high classification rate in the benign case.