Adversarial Training Using Feedback Loops

TL;DR

This paper introduces Feedback Looped Adversarial Training (FLAT), a novel method using control theory and feedback neural networks to enhance DNN robustness against adversarial attacks, outperforming existing techniques.

Contribution

It proposes a new robustification approach based on control theory, integrating feedback control neural networks trained with adversarial data.

Findings

FLAT outperforms state-of-the-art methods in defending against adversarial attacks.

Feedback neural networks effectively stabilize outputs under adversarial perturbations.

Numerical experiments validate the robustness improvements of FLAT.

Abstract

Deep neural networks (DNN) have found wide applicability in numerous fields due to their ability to accurately learn very complex input-output relations. Despite their accuracy and extensive use, DNNs are highly susceptible to adversarial attacks due to limited generalizability. For future progress in the field, it is essential to build DNNs that are robust to any kind of perturbations to the data points. In the past, many techniques have been proposed to robustify DNNs using first-order derivative information of the network. This paper proposes a new robustification approach based on control theory. A neural network architecture that incorporates feedback control, named Feedback Neural Networks, is proposed. The controller is itself a neural network, which is trained using regular and adversarial data such as to stabilize the system outputs. The novel adversarial training approach based on the feedback control architecture is called Feedback Looped Adversarial Training (FLAT). Numerical results on standard test problems empirically show that our FLAT method is more effective than the state-of-the-art to guard against adversarial attacks.