Leveraging Generative Models for Combating Adversarial Attacks on Tabular Datasets

Published: 2023, Last Modified: 21 Jan 2026. Venue: PAKDD (1) 2023. License: CC BY-SA 4.0
Abstract: Artificial Neural Networks (ANN) models – a form of discriminative models – are the workhorse of deep learning research, and have resulted in a remarkable performance on a range of applications on a large variety of datasets. On tabular datasets, ANN models are preferable when learning from large quantities of data as non-parametric models such as Random Forest and XGBoost cannot be easily used due to their inherent in-core data processing (i.e., they require loading all the data in memory). The applicability and effectiveness of ANN models, however, come with a price. They have been shown to be susceptible to adversarial attacks, which can greatly compromise their performance and trust in their utilization. There has been a surge in research in developing effective defence strategies for adversarial attacks on ANN models, e.g., Madry, D2A3, etc. Recently, it has been shown that generative models are more robust to adversarial attacks than discriminative models. A natural question is – can generative models be used as a defence for discriminative models against adversarial attacks? This work addresses this question, where we study the power of generative models in warding off adversarial attacks for discriminative models. In this work, we propose an effective defence model – gD2A3 – that exploits the generative-discriminative equivalence of some ANN models. It uses the learned probabilities from a generative model to initialize the input layer parameters of a standard ANN model, and utilizes \(L_2\) regularization of the input layer parameters as a defence mechanism. We show that our proposed model leads to better results than the state-of-the-art method D2A3 by conducting a thorough empirical study on a variety of datasets with two major adversarial attacks.
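The abstract describes two mechanisms: initializing the input layer of an ANN from a generative model's learned probabilities, and applying \(L_2\) regularization to that layer. The following is an added illustration, not the paper's code: it assumes naive Bayes on one-hot encoded categorical columns as the generative model (the paper does not fix this choice here), so that the input layer initialized with log class-conditional probabilities reproduces the naive Bayes log-joint exactly, and then fine-tunes discriminatively with an \(L_2\) penalty on the input-layer weights. The dataset is constructed.

```python
import numpy as np

def one_hot(X, cards):
    """One-hot encode integer-coded categorical columns; cards[j] = number of values in column j."""
    return np.concatenate([np.eye(k)[X[:, j]] for j, k in enumerate(cards)], axis=1)

def naive_bayes_log_params(X, y, cards, n_classes, alpha=1.0):
    """Laplace-smoothed naive Bayes: log P(y=c) and log P(x_j=v | y=c) as a (C, sum(cards)) table."""
    prior = np.bincount(y, minlength=n_classes) + alpha
    log_prior = np.log(prior / prior.sum())
    blocks = []
    for j, k in enumerate(cards):
        counts = np.full((n_classes, k), alpha)
        for c in range(n_classes):
            counts[c] += np.bincount(X[y == c, j], minlength=k)
        blocks.append(np.log(counts / counts.sum(axis=1, keepdims=True)))
    return log_prior, np.concatenate(blocks, axis=1)

def init_from_generative(log_prior, log_cond):
    """Input-layer weights W (features x classes) and bias b such that X_oh @ W + b is the NB log-joint."""
    return log_cond.T.copy(), log_prior.copy()

def train_input_layer(X_oh, y, W, b, lam, lr=0.1, epochs=200):
    """Softmax cross-entropy fine-tuning with an L2 penalty lam * ||W||^2 on the input-layer weights."""
    n, C = len(y), W.shape[1]
    Y = np.eye(C)[y]
    for _ in range(epochs):
        logits = X_oh @ W + b
        p = np.exp(logits - logits.max(axis=1, keepdims=True))
        p /= p.sum(axis=1, keepdims=True)
        g = (p - Y) / n                       # gradient of mean cross-entropy w.r.t. logits
        W -= lr * (X_oh.T @ g + 2 * lam * W)  # data term plus L2 weight decay on the input layer
        b -= lr * g.sum(axis=0)               # bias is left unregularized (assumption)
    return W, b

def demo(lam=0.1, seed=0):
    """Constructed toy tabular data: 3 categorical columns, binary label determined by column 0."""
    rng = np.random.default_rng(seed)
    cards, n_classes = [3, 4, 2], 2
    X = np.column_stack([rng.integers(0, k, size=300) for k in cards])
    y = (X[:, 0] == 2).astype(int)
    X_oh = one_hot(X, cards)
    log_prior, log_cond = naive_bayes_log_params(X, y, cards, n_classes)
    W0, b0 = init_from_generative(log_prior, log_cond)
    init_matches_nb = bool(np.allclose(X_oh @ W0 + b0, X_oh @ log_cond.T + log_prior))
    W, b = train_input_layer(X_oh, y, W0.copy(), b0.copy(), lam)
    acc = float(((X_oh @ W + b).argmax(axis=1) == y).mean())
    return init_matches_nb, acc, float(np.linalg.norm(W))
```

Comparing `demo(lam=0.1)` with `demo(lam=0.0)` shows the penalty shrinking the input-layer weights while the decision rule on this toy data is preserved; whether that shrinkage confers adversarial robustness is the empirical question the paper studies, not something this snippet demonstrates.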