Deep Defense: Training DNNs with Improved Adversarial Robustness

author-image

By

Despite the efficacy on a variety of computer vision tasks, deep neural networks (DNNs) are vulnerable to adversarial attacks, limiting their applications in security-critical systems. Recent works have shown the possibility of generating imperceptibly perturbed image inputs (a.k.a., adversarial examples) to fool well-trained DNN classifiers into making arbitrary predictions. To address this problem, we propose a training recipe named "deep defense". Our core idea is to integrate an adversarial perturbation-based regularizer into the classification objective, such that the obtained models learn to resist potential attacks, directly and precisely. The whole optimization problem is solved just like training a recursive network. Experimental results demonstrate that our method outperforms training with adversarial/Parseval regularizations by large margins on various datasets (including MNIST, CIFAR-10 and ImageNet) and different DNN architectures. Code and models for reproducing our results will be made publicly available.

Authors

Related Content

We are concerned with learning models that generalize well to different unseen domains. We consider a worst-case formulation over data...

View publication

This paper presents HeNet, a hierarchical ensemble neural network, applied to classify hardware-generated control flow traces for malware detection. Deep...

View publication

We present a semi-parametric approach to photographic image synthesis from semantic layouts. The approach combines the complementary strengths of parametric...

View publication

This paper presents BigDAWG, a reference implementation of a new architecture for “Big Data” applications. Such applications not only call...

View publication

Show more Show less

Stay Connected

Keep tabs on all the latest news with our monthly newsletter.

Subscribe

@intelai

@intelairesearch

@intelai

intel-ai

intelai

Intel Newsroom

Intel® AI Builders

intel ai events

Authors
Related Content

<script>var isTargetEnabled =false;</script>

<script type="text/javascript">
    var cq_tms = {
        wa_emtcontenttype: "emtcontenttype:donotuse/webpage/landingpage",
        wa_emtsubject: "emtsubject:itinformationtechnology/aiartificialintelligence",
        
        wa_industry_type: "",
        wa_partner_prog: "",
        wa_subject: "",
        wa_biz_size: "",
        wa_emt_org: "",
        wa_emt_intel: "",
        wa_partner_type: "",
        wa_programidentifier: "none",
        wa_location: "us",
        wa_language: "en",
        wa_english_title: "Deep Defense: Training DNNs with Improved Adversarial Robustness",
        wa_content_type: "landingpage",
        wa_intel_platform: "",
        wa_applications: "",
        wa_local: "en_US",
        wa_intel_technology: "",
        wa_system_type: "",
        wa_product_name: "",
        wa_audience: "emtaudience:business/btssbusinesstechnologysolutionspecialist/developer/artificialintelligenceaiapplicationdeveloper",
        wa_life_cycle: "",
        wa_cq_url: "/content/www/us/en/artificial-intelligence/researches/deep-defense-training-dnns-with-improved-adversarial-robustness.html",
        wa_page_type_micro: "mf-article-long",
        wa_env: "prd",
        wa_cq_pub_env: "publish",
        wa_transl_status: "",
        wa_product_id: "",
        wa_software: "",
        wa_reference_design: "",
        wa_codename: "",
        wa_created_date: "1585760500957",
        wa_modified_date: "1581968179851",
        wa_off_time: "1674028800000",
        wa_ownedby: "",
        wa_managedby: "",
        wa_idz_nid : "",
        wa_event_type: "",
        wa_idz_custom_tags: "",
        wa_programming_language: "",
        wa_skill_level: "",
        wa_solution: "",
        wa_product_formFactor: "",
        wa_operating_system: "",
        wa_marketing_products: "",
        wa_ssg_third_party_prod_sys_sol: "",
        wa_upeNamespace: "",
        wa_doc_id:"",
        wa_doc_version:"",
        wa_doc_publishdate:"",
        
        wa_secondary_content_type: ""
        
        
    };

cq_tms.wa_tms_sync_load = "deferred";
    
    
</script>

<script type="text/javascript">
    var chatContextObj = {};
    chatContextObj["locale"] = 'en-US';
    chatContextObj["app"] = 'Sales';
    chatContextObj["supportProductMap"] = 'NA';
</script>
<script src="/etc.clientlibs/settings/wcm/designs/ver/220720/intel/clientlibs/detect-idsa.min.js" defer></script>

<script type="text/javascript" src="/content/dam/www/global/wap/tms.sync.js" async></script>

<link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/220720/intel/clientlibs/pages/commons-page.min.css" type="text/css"><script src="/etc.clientlibs/settings/wcm/designs/ver/220720/intel/clientlibs/pages/commons-page.min.js" defer></script>

<link rel="preload" href="/etc.clientlibs/settings/wcm/designs/ver/220720/intel/clientlibs/pages/contact-us.min.css" as="style"><link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/220720/intel/clientlibs/pages/contact-us.min.css" type="text/css">

<script>!function(){var e=setInterval(function(){"undefined"!=typeof $CQ&&($CQ(function(){CQ_Analytics.SegmentMgr.loadSegments("/etc/segmentation"),CQ_Analytics.ClientContextUtils.init("/etc/clientcontext/intel",window.location.pathname.substr(0,window.location.pathname.indexOf(".")))}),clearInterval(e))},100)}();</script>

<link rel="preload" as="style" href="/etc.clientlibs/settings/wcm/designs/intel/us/en/css/resources/css/intel.rwd.override.css"/>
<link rel="stylesheet" type="text/css" href="/etc.clientlibs/settings/wcm/designs/intel/us/en/css/resources/css/intel.rwd.override.css"/>