Heterogeneous Architecture Search Approach within Adversarial Dynamic Defense FrameworkDownload PDF

Nov 22, 2021 (edited Dec 11, 2021)AAAI-22 AdvML Workshop ShortPaperReaders: Everyone
  • Keywords: Heterogeneous architecture, Neural Architecture Search, Dynamic Defense Framework, Adversarial robustness
  • TL;DR: Our method discovered multiple heterogeneous networks by NAS, such that networks further improve diversity for ensemble, and thus, boost the adversarial robustness of dynamic defense framework.
  • Abstract: Recent advances in adversarial attacks uncover the intrinsic vulnerability of modern deep neural networks (DNNs). To address this issue, various methods have been proposed to design network architectures that are robust to one particular type of adversarial attack. Recent research leverages the concept of dynamic defense framework (DDF) based on stochastic ensemble model for boosting the robustness of a DNN ensemble against such adversarial attacks. There is a need to enhance the diversity and gradient variations of the ensemble but stuck with the lack of efficient networks. In this paper, we propose a heterogeneous architecture searching method based on NAS. Our method encourages heterogeneous networks, such that networks further improve diversity for ensemble, and thus, boost the adversarial robustness of DDF. Experimental results suggest that the diversity existing among the family of heterogeneous networks does restrain the transferability of the adversarial sample, and achieve superior performance when evaluating the robustness on the ASR-vs-distortion benchmark in different attack environments.
2 Replies

Loading