Adversary resistant deep neural networks via advanced feature nullification

Abstract

Deep neural networks (DNNs) achieve excellent performance on many learning tasks. However, recent studies reveal that DNNs are vulnerable to adversarial examples. A random feature nullification (RFN) algorithm has been proposed to improve the robustness of DNNs against gradient-based adversarial examples, but experimental results show that RFN degrades the availability of DNNs in some cases. To explore more efficient feature nullification (FN) algorithms, we theoretically prove that FN can improve the robustness of DNNs. Moreover, we propose sliding window feature nullification (SWFN) and fixed stride feature nullification (FSFN) algorithms to improve the robustness of DNNs. Experimental results demonstrate that, compared with RFN, the proposed algorithms maintain the availability of DNNs without decreasing their robustness against gradient-based attacks.
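The abstract does not spell out the SWFN and FSFN procedures, so the sketch below only illustrates the general feature-nullification idea they build on: a binary mask applied to the input via a Hadamard (element-wise) product, matching one of the paper's keywords. The three mask-generation strategies shown (random, fixed-stride, sliding-window) are minimal NumPy assumptions of mine, not the authors' implementations.

```python
import numpy as np

def random_feature_nullification(x, p=0.1, rng=None):
    """RFN-style sketch: zero out a random fraction p of features.

    The binary mask is applied as a Hadamard product, so nullified
    features contribute nothing to the forward pass.
    """
    rng = np.random.default_rng() if rng is None else rng
    mask = (rng.random(x.shape) >= p).astype(x.dtype)
    return x * mask  # Hadamard product

def fixed_stride_feature_nullification(x, stride=4, offset=0):
    """FSFN-style sketch (assumed): nullify every `stride`-th feature,
    starting at `offset`, so the mask is deterministic."""
    mask = np.ones_like(x)
    mask.reshape(-1)[offset::stride] = 0
    return x * mask

def sliding_window_feature_nullification(x, window=8, rng=None):
    """SWFN-style sketch (assumed): nullify one contiguous window of
    features at a randomly chosen position."""
    rng = np.random.default_rng() if rng is None else rng
    mask = np.ones(x.size, dtype=x.dtype)
    start = rng.integers(0, x.size - window + 1)
    mask[start:start + window] = 0
    return x * mask.reshape(x.shape)
```

Either function can be applied to the network input before the forward pass, e.g. `y = model(random_feature_nullification(x))`; because the mask zeros features rather than perturbing them, gradient-based attackers lose the gradient signal through the nullified positions.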

Keywords: Adversarial machine learning, Deep learning, Feature nullification, Hadamard product

Article history: Received 12 November 2018, Revised 6 May 2019, Accepted 8 May 2019, Available online 15 May 2019, Version of Record 12 June 2019.

DOI: https://doi.org/10.1016/j.knosys.2019.05.007