ARGAN: Adversarially Robust Generative Adversarial Networks for Deep Neural Networks Against Adversarial Examples

2022 (modified: 16 Nov 2022), IEEE Access 2022. Readers: Everyone
Abstract: An adversarial example, which is an input instance with small, intentional feature perturbations to machine learning models, represents a concrete problem in artificial intelligence safety. As an emerging defense method to defend against adversarial examples, generative adversarial networks-based defense methods have recently been studied. However, the performance of the state-of-the-art generative adversarial networks-based defense methods is limited because the target deep neural network models with generative adversarial networks-based defense methods are robust against adversarial examples but make a false decision for legitimate input data. To solve the accuracy degradation of the generative adversarial networks-based defense methods for legitimate input data, we propose a new generative adversarial networks-based defense method, which is called Adversarially Robust Generative Adversarial Networks (ARGAN). While converting input data to machine learning models using the two-step transformation architecture, ARGAN learns the generator model to reflect the vulnerability of the target deep neural network model against adversarial examples and optimizes parameter values of the generator model for a joint loss function.
From the experimental results under various datasets collected from diverse applications, we show that the accuracy of ARGAN for legitimate input data is good enough while keeping the target deep neural network model robust against adversarial examples. We also show that the accuracy of ARGAN outperforms the accuracy of the state-of-the-art generative adversarial networks-based defense methods.