Adversarial Defense Via Data Dependent Activation Function and  Total Variation Minimization

Bao Wang; Alex T. Lin; Zuoqiang Shi; Wei Zhu; Penghang Yin; Andrea L. Bertozzi; Stanley J. Osher

Adversarial Defense Via Data Dependent Activation Function and Total Variation Minimization

Bao Wang, Alex T. Lin, Zuoqiang Shi, Wei Zhu, Penghang Yin, Andrea L. Bertozzi, Stanley J. Osher

27 Sept 2018 (modified: 05 May 2023)ICLR 2019 Conference Withdrawn SubmissionReaders: Everyone

Abstract: We improve the robustness of deep neural nets to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation function remarkably improves both classification accuracy and stability to adversarial perturbations. Together with the total variation minimization of adversarial images and augmented training, under the strongest attack, we achieve up to 20.6%, 50.7%, and 68.7% accuracy improvement w.r.t. the fast gradient sign method, iterative fast gradient sign method, and Carlini-WagnerL2attacks, respectively. Our defense strategy is additive to many of the existing methods. We give an intuitive explanation of our defense strategy via analyzing the geometry of the feature space. For reproducibility, the code will be available on GitHub.

Keywords: Adversarial Attack, Adversarial Defense, Data Dependent Activation Function, Total Variation Minimization

TL;DR: We proposal strategies for adversarial defense based on data dependent activation function, total variation minimization, and training data augmentation

13 Replies

Loading