ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness
Abstract
Defending against adversarial attacks is a critical step towards the reliable deployment of deep-learning-based solutions in industrial applications. Probabilistic adversarial robustness (PAR) is introduced as a theoretical framework that neutralizes adversarial attacks by concentrating sample probability in adversarial-free zones. Unlike most existing defense mechanisms, which require modifying the architecture or training of the target classifier (not feasible in real-world scenarios, e.g., when a model has already been deployed), PAR is designed from the outset to provide proactive protection to an existing, fixed model. ShieldNet is implemented in this work as a demonstration of PAR, using PixelCNN. Experimental results show that this approach is generalizable, robust against adversarial transferability, and resistant to a wide variety of attacks on the Fashion-MNIST and CIFAR10 datasets, respectively.
Cite

Text

Theagarajan et al. "ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019. doi:10.1109/CVPR.2019.00715

Markdown

[Theagarajan et al. "ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019.](https://mlanthology.org/cvpr/2019/theagarajan2019cvpr-shieldnets/) doi:10.1109/CVPR.2019.00715

BibTeX
@inproceedings{theagarajan2019cvpr-shieldnets,
title = {{ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness}},
author = {Theagarajan, Rajkumar and Chen, Ming and Bhanu, Bir and Zhang, Jing},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
year = {2019},
doi = {10.1109/CVPR.2019.00715},
url = {https://mlanthology.org/cvpr/2019/theagarajan2019cvpr-shieldnets/}
}