Robust Neural Networks using Randomized Adversarial Training - HAL open archive
Preprint, Working Paper Year: 2020

Robust Neural Networks using Randomized Adversarial Training

Abstract

Since the discovery of adversarial examples in machine learning, researchers have designed several techniques to train neural networks that are robust against different types of attacks (most notably ℓ∞ and ℓ2 based attacks). However, it has been observed that the defense mechanisms designed to protect against one type of attack often offer poor performance against the other. In this paper, we introduce Randomized Adversarial Training (RAT), a technique that is efficient both against ℓ2 and ℓ∞ attacks. To obtain this result, we build upon adversarial training, a technique that is efficient against ℓ∞ attacks, and demonstrate that adding random noise at training and inference time further improves performance against ℓ2 attacks. We then show that RAT is as efficient as adversarial training against ℓ∞ attacks while being robust against strong ℓ2 attacks. Our final comparative experiments demonstrate that RAT outperforms all state-of-the-art approaches against ℓ2 and ℓ∞ attacks.
Main file
IJCAI___Robust_Neural_Networks_using_Randomized_Adversarial_Training (1).pdf (321.43 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-02380184 , version 1 (26-11-2019)
hal-02380184 , version 2 (06-02-2020)

Identifiers

  • HAL Id : hal-02380184 , version 2

Cite

Alexandre Araujo, Laurent Meunier, Rafael Pinot, Benjamin Negrevergne. Robust Neural Networks using Randomized Adversarial Training. 2020. ⟨hal-02380184v2⟩