Hindering Adversarial Attacks with Implicit Neural Representations

Andrei A. Rusu; Dan A. Calian; Sven Gowal; Raia Hadsell

arXiv:2210.13982·cs.LG·October 26, 2022

Hindering Adversarial Attacks with Implicit Neural Representations

Andrei A. Rusu, Dan A. Calian, Sven Gowal, Raia Hadsell

PDF

Open Access 1 Repo

TL;DR

The paper proposes LINAC, a novel input transformation using implicit neural representations, to defend CIFAR-10 classifiers against adversarial attacks, demonstrating improved robustness without extensive adversarial training.

Contribution

Introduction of LINAC, a new implicit neural representation-based defense that hinders adversarial attacks and introduces a key-based mechanism for enhanced security.

Findings

01

LINAC effectively defends against common adversarial attacks on CIFAR-10.

02

The random seed acts as a private key, enabling stronger attacks.

03

The defense also resists transfer and adaptive attacks, including the proposed PBA attack.

Abstract

We introduce the Lossy Implicit Network Activation Coding (LINAC) defence, an input transformation which successfully hinders several common adversarial attacks on CIFAR- $10$ classifiers for perturbations up to $ϵ = 8/255$ in $L_{\infty}$ norm and $ϵ = 0.5$ in $L_{2}$ norm. Implicit neural representations are used to approximately encode pixel colour intensities in $2 D$ images such that classifiers trained on transformed data appear to have robustness to small perturbations without adversarial training or large drops in performance. The seed of the random number generator used to initialise and train the implicit neural representation turns out to be necessary information for stronger generic attacks, suggesting its role as a private key. We devise a Parametric Bypass Approximation (PBA) attack strategy for key-based defences, which successfully invalidates an existing…

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Code & Models

Repositories

deepmind/linac
jaxOfficial

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdversarial Robustness in Machine Learning · Bacillus and Francisella bacterial research · Anomaly Detection Techniques and Applications