Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks
Abstract
Although machine learning (ML) algorithms show impressive performance on computer vision
tasks, neural networks are still vulnerable to adversarial examples. Adversarial examples typically
remain indistinguishable to humans, yet they can dramatically decrease the classification accuracy of
a neural network. Adversarial training generates such examples and trains on them together with
the clean data to increase robustness. Researchers have shown that the "projected gradient descent"
(PGD) adversarial training method provides a concrete security guarantee for neural networks
against adversarial attacks. A model trained with PGD adversaries is robust against several
different gradient-based attack methods under the l∞-norm. This work proposes a Dynamical
Step Adversarial (DSA) training method that generates adversaries for training by dynamically adjusting
the step size at each iteration. The thesis demonstrates the robustness of the DSA
adversarially trained model against different gradient-based attacks. The performance of the DSA-trained
model under different l∞-norm attacks is compared with that of other defense
methods. Finally, DSA models trained with different numbers of steps are compared under Fast Gradient Sign
Method (FGSM) and PGD attacks.
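As one concrete reading of the method, the sketch below implements PGD-style adversary generation in PyTorch with a per-iteration step size. The abstract does not specify the step-size schedule, so the function name dsa_attack, the linear-decay schedule in step_fn, and all hyperparameters are illustrative assumptions rather than the thesis's actual algorithm.

```python
# Minimal sketch of a dynamic-step, PGD-style l-infinity attack.
# The decaying step schedule is an assumption; the thesis abstract
# only states that the step length changes at each iteration.
import torch
import torch.nn.functional as F

def dsa_attack(model, x, y, epsilon=8/255, num_steps=10,
               step_fn=lambda t, n: 2.5 * (8/255) / n * (1.0 - t / n)):
    """Generate adversarial examples with a per-iteration step size.

    step_fn(t, num_steps) returns the step length for iteration t;
    the linear decay used here is a hypothetical choice.
    """
    # Random start inside the l-infinity ball, as in standard PGD.
    x_adv = x.detach() + torch.empty_like(x).uniform_(-epsilon, epsilon)
    x_adv = x_adv.clamp(0.0, 1.0)
    for t in range(num_steps):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), y)
        grad = torch.autograd.grad(loss, x_adv)[0]
        alpha = step_fn(t, num_steps)  # dynamically adjusted step length
        x_adv = x_adv.detach() + alpha * grad.sign()
        # Project back into the epsilon-ball and the valid pixel range.
        x_adv = torch.min(torch.max(x_adv, x - epsilon), x + epsilon)
        x_adv = x_adv.clamp(0.0, 1.0)
    return x_adv.detach()
```

In adversarial training, each minibatch would be perturbed with such an attack before the usual parameter update, so the model is optimized on the perturbed inputs together with (or instead of) the clean ones.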
Citation
He, Yukun (2018). Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks. Master's thesis, Texas A&M University. Available electronically from https://hdl.handle.net/1969.1/174606.