Adversarial Robustness in Deep Learning: Attacks on Fragile Neurons
Chandresh Pravin, Ivan Martino, Giuseppe Nicosia, Varun Ojha

TL;DR
This paper investigates the vulnerability of deep learning neurons to adversarial attacks, identifying fragile neurons and proposing methods that make them more robust and so improve model security.
Contribution
It introduces a novel approach to identify fragile neurons using nodal dropouts and proposes a technique to make these neurons more robust against adversarial attacks.
Findings
Fragile neurons can be identified using nodal dropouts.
Targeted modifications improve robustness of fragile neurons.
The method enhances adversarial resistance in deep learning models.
Abstract
We identify fragile and robust neurons of deep learning architectures using nodal dropouts of the first convolutional layer. Using an adversarial targeting algorithm, we correlate these neurons with the distribution of adversarial attacks on the network. Adversarial robustness of neural networks has gained significant attention in recent times and highlights intrinsic weaknesses of deep learning networks against carefully constructed distortion applied to input images. In this paper, we evaluate the robustness of state-of-the-art image classification models trained on the MNIST and CIFAR10 datasets against the fast gradient sign method attack, a simple yet effective method of deceiving neural networks. Our method identifies the specific neurons of a network that are most affected by the adversarial attack being applied. We, therefore, propose to make fragile neurons more robust against…
