Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization

Add code
Sep 23, 2018
Bao Wang, Alex T. Lin, Zuoqiang Shi, Wei Zhu, Penghang Yin, Andrea L. Bertozzi, Stanley J. Osher
Figure 1 for Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization
Figure 2 for Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization
Figure 3 for Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization
Figure 4 for Adversarial Defense via Data Dependent Activation Function and Total Variation Minimization

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We improve the robustness of deep neural nets to adversarial attacks by using an interpolating function as the output activation. This data-dependent activation function remarkably improves both classification accuracy and stability to adversarial perturbations. Together with the total variation minimization of adversarial images and augmented training, under the strongest attack, we achieve up to 20.6$\%$, 50.7$\%$, and 68.7$\%$ accuracy improvement w.r.t. the fast gradient sign method, iterative fast gradient sign method, and Carlini-Wagner $L_2$ attacks, respectively. Our defense strategy is additive to many of the existing methods. We give an intuitive explanation of our defense strategy via analyzing the geometry of the feature space. For reproducibility, the code is made available at: https://github.com/BaoWangMath/DNN-DataDependentActivation.

* 11 pages, 5 figures  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon