Defense-Net: Defend Against a Wide Range of Adversarial Attacks through Adversarial Detector

Adnan Siraj Rakin, Deliang Fan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Recent studies have demonstrated that Deep Neural Networks(DNNs) are vulnerable to adversarial input perturbations: meticulously engineered slight perturbations can result in inappropriate categorization of valid images. Adversarial Training has been one of the successful defense approaches in recent times. In this work, we propose an alternative to adversarial training by training a separate model with adversarial examples instead of the original classifier. We train an adversarial detector network known as 'Defense-Net' with strong adversary while training the original classifier with only clean training data. We propose a new adversarial cross entropy loss function to train Defense-Net appropriately differentiate between different adversarial examples. Defense-Net solves three major concerns regarding the development of a successful adversarial defense method. First, our defense does not have clean data accuracy degradation in contrast to traditional adversarial training based defenses. Second, we demonstrate this resiliency with experiments on the MNIST and CIFAR-10 data sets, and show that the state-of-the-art accuracy under the most powerful known white-box attack was increased from 94.02 % to 99.2 % on MNIST, and 47 % to 94.79 % on CIFAR-10. Finally, unlike most recent defenses, our approach does not suffer from obfuscated gradient and can successfully defend strong BPDA, PGD, FGSM and C & W attacks.

Original languageEnglish (US)
Title of host publicationProceedings - 2019 IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2019
PublisherIEEE Computer Society
Pages332-337
Number of pages6
ISBN (Electronic)9781538670996
DOIs
StatePublished - Jul 2019
Externally publishedYes
Event18th IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2019 - Miami, United States
Duration: Jul 15 2019Jul 17 2019

Publication series

NameProceedings of IEEE Computer Society Annual Symposium on VLSI, ISVLSI
Volume2019-July
ISSN (Print)2159-3469
ISSN (Electronic)2159-3477

Conference

Conference18th IEEE Computer Society Annual Symposium on VLSI, ISVLSI 2019
CountryUnited States
CityMiami
Period7/15/197/17/19

Keywords

  • Adversarial Defense
  • Detector
  • Robustness

ASJC Scopus subject areas

  • Hardware and Architecture
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Defense-Net: Defend Against a Wide Range of Adversarial Attacks through Adversarial Detector'. Together they form a unique fingerprint.

Cite this