
Discretization Based Solutions for Secure Machine Learning Against Adversarial Attacks

Priyadarshini Panda; Indranil Chakraborty; Kaushik Roy;
  • Published: 08 Feb 2019
  • Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Adversarial examples are perturbed inputs designed, using a deep learning network's (DLN) parameter gradients, to mislead the DLN at test time. Intuitively, constraining the dimensionality of a network's inputs or parameters reduces the 'space' in which adversarial examples exist. Guided by this intuition, we demonstrate that discretization greatly improves the robustness of DLNs against adversarial attacks. Specifically, discretizing the input space (reducing the allowed pixel levels from 256 values, or 8-bit, to 4 values, or 2-bit) substantially improves the adversarial robustness of DLNs across a wide range of perturbations, with minimal loss in test accuracy...
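The input discretization described in the abstract amounts to quantizing pixel intensities to a small number of levels before the image reaches the network. Below is a minimal sketch of that preprocessing step in Python/NumPy; the function name quantize_pixels and the uniform bin placement are illustrative assumptions, not the authors' exact implementation.

import numpy as np

def quantize_pixels(images, bits=2):
    """Uniformly quantize pixel intensities in [0, 1] to 2**bits levels.

    bits=2 gives the 4 allowed values mentioned in the abstract;
    bits=8 recovers the usual 256-level (8-bit) input.
    """
    levels = 2 ** bits
    # Snap each pixel to the nearest of `levels` evenly spaced values in [0, 1].
    return np.round(images * (levels - 1)) / (levels - 1)

# Example: a normalized image reduced to 2-bit before entering the network.
x = np.random.rand(28, 28)              # stand-in for a scaled input image
x_2bit = quantize_pixels(x, bits=2)     # pixel values now in {0, 1/3, 2/3, 1}

Because every pixel of the quantized input can take only four values, any perturbation smaller than half a quantization step (roughly 0.17 here) is rounded away before it reaches the network, which is one way to read the robustness gains the abstract reports.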
Subjects
arXiv: Computer Science::Cryptography and Security
free text keywords: Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Computer Vision and Pattern Recognition, Statistics - Machine Learning, General Engineering, General Materials Science, General Computer Science, MNIST database, Curse of dimensionality, Discretization, Artificial intelligence, business.industry, business, Distributed computing, Adversarial system, Pixel, Deep learning, Algorithm, Intuition, Computer science, Robustness (computer science)
21 references, page 1 of 2

[1] Y. LeCun, Y. Bengio, and G. Hinton, “Deep learning,” Nature, vol. 521, no. 7553, p. 436, 2015.

[2] A. Kurakin, I. Goodfellow, and S. Bengio, “Adversarial examples in the physical world,” arXiv preprint arXiv:1607.02533, 2016.

[3] I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” CoRR, 2015.

[4] P. Panda and K. Roy, “Explainable learning: Implicit generative modelling during training for adversarial robustness,” arXiv preprint arXiv:1807.02188, 2018.

[5] C. Szegedy, W. Zaremba, I. Sutskever, J. Bruna, D. Erhan, I. Goodfellow, and R. Fergus, “Intriguing properties of neural networks,” arXiv preprint arXiv:1312.6199, 2013.

[6] I. Hubara, M. Courbariaux, D. Soudry, R. El-Yaniv, and Y. Bengio, “Binarized neural networks,” in Advances in Neural Information Processing Systems, 2016, pp. 4107-4115.

[7] M. Rastegari, V. Ordonez, J. Redmon, and A. Farhadi, “XNOR-Net: ImageNet classification using binary convolutional neural networks,” in European Conference on Computer Vision. Springer, 2016, pp. 525-542.

[8] C. Guo, M. Rana, M. Cisse, and L. van der Maaten, “Countering adversarial images using input transformations,” ICLR, 2018.

[9] J. Buckman, A. Roy, C. Raffel, and I. Goodfellow, “Thermometer encoding: One hot way to resist adversarial examples,” ICLR, 2018.

[10] J. Chen, X. Wu, Y. Liang, and S. Jha, “Improving adversarial robustness by data-specific discretization,” arXiv preprint arXiv:1805.07816, 2018.

[11] W. Xu, D. Evans, and Y. Qi, “Feature squeezing: Detecting adversarial examples in deep neural networks,” arXiv preprint arXiv:1704.01155, 2017.

[12] Y. LeCun, “The MNIST database of handwritten digits,” http://yann.lecun.com/exdb/mnist/, 1998.

[13] A. Krizhevsky, V. Nair, and G. Hinton, “CIFAR-10 and CIFAR-100 datasets,” URL: https://www.cs.toronto.edu/kriz/cifar.html (visited on Mar. 1, 2016), 2009.

[14] A. Galloway, G. W. Taylor, and M. Moussa, “Attacking binarized neural networks,” ICLR, 2018.

[15] F. Tramèr, A. Kurakin, N. Papernot, I. Goodfellow, D. Boneh, and P. McDaniel, “Ensemble adversarial training: Attacks and defenses,” ICLR, 2018.
