Open Peer Review. Open Publishing. Open Access. Open Discussion. Open Directory. Open Recommendations. Open API. Open Source.
Robustness to Adversarial Examples through an Ensemble of Specialists
Mahdieh Abbasi, Christian Gagne
Feb 17, 2017 (modified: Mar 09, 2017)ICLR 2017 workshop submissionreaders: everyone
Abstract:We are proposing to use an ensemble of diverse specialists, where speciality is defined according to the confusion matrix. Indeed, we observed that for adversarial instances originating from a given class, labeling tend to be done into a small subset of (incorrect) classes. Therefore, we argue that an ensemble of specialists should be better able to identify and reject fooling instances, with a high entropy (i.e., disagreement) over the decisions in the presence of adversaries. Experimental results obtained confirm that interpretation, opening a way to make the system more robust to adversarial examples through a rejection mechanism, rather than trying to classify them properly at any cost.
Enter your feedback below and we'll get back to you as soon as possible.