Boosting Robustness in Deep Neuro-Fuzzy Systems: Uncovering Vulnerabilities, Empirical Insights, and a Multiattack Defense Mechanism
Abstract: Deep neuro-fuzzy systems (DNFS) have emerged as a hybrid machine learning approach that has found applications in a wide range of fields, including healthcare, transportation, and finance. However, we empirically demonstrate that DNFS is vulnerable to adversarial examples generated by various attack algorithms, raising numerous concerns about its reliability in security-critical scenarios. Existing defense mechanisms designed for deep neural networks (DNNs) often rely on specific knowledge of attacks and their parameters. Consequently, given the diversity and uncertainty of potential attack methods, designing defense strategies that enhance the robustness of DNN-based and DNFS-based models against multiple attacks remains a challenging task. In this work, we propose a comprehensive defense mechanism for image classification tasks, named perturbation destruction and information recovery (PDIR), that achieves practical robustness against multiple attacks. PDIR combines perturbation destruction through randomization and multiplication with information recovery using a pixel-to-pixel network. Experimental results demonstrate that PDIR outperforms state-of-the-art defenses, such as joint photographic experts group (JPEG), total variation minimization (TVM), adaptive diversity promoting (ADP), gradient alignment loss (GAL), diversifying vulnerabilities for enhanced robust generation of ensembles (DVERGE), and transferability reduced smooth, against both white-box and black-box attacks.