Abstract
Vulnerability to adversarial inputs remains an issue for deep neural networks. Attackers can slightly modify inputs in order to cause adverse behavior in otherwise highly accurate networks. In addition to making these networks less secure for real-world applications, this also emphasizes a misalignment between the features the network uses to make decisions and the ones humans use. In this work we propose that more interpretable networks should yield more robust ones, since they are able to rely on features that are more understandable to humans. More specifically, we take inspiration from interpretability-based approaches to adversarial robustness and propose a sparsity-based defense to counter the impact of overparameterization on adversarial vulnerability. Building on the work of the Dynamic-K algorithm, which introduces dynamic routing to fully connected layers in order to encourage sparse, interpretable predictions, we propose TopKConv, a novel method of reducing the number of activation channels used to construct each convolutional feature map. The incorporation of TopKConv alongside Dynamic-K results in a significant increase in adversarial accuracy at no cost to benign accuracy. Further, this is achieved with no fine tuning or adversarial training.
| Field | Value |
|---|---|
| Original language | English |
| Title of host publication | Proceedings - 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021 |
| Editors | M. Arif Wani, Ishwar K. Sethi, Weisong Shi, Guangzhi Qu, Daniela Stan Raicu, Ruoming Jin |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 15-22 |
| Number of pages | 8 |
| ISBN (Electronic) | 9781665443371 |
| DOIs | |
| State | Published - 2021 |
| Externally published | Yes |
| Event | 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021 - Virtual, Online, United States |
| Duration | Dec 13 2021 → Dec 16 2021 |
Publication series

| Field | Value |
|---|---|
| Name | Proceedings - 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021 |
Conference

| Field | Value |
|---|---|
| Conference | 20th IEEE International Conference on Machine Learning and Applications, ICMLA 2021 |
| Country/Territory | United States |
| City | Virtual, Online |
| Period | 12/13/21 → 12/16/21 |
Keywords
- Adversarial defense
- Dynamic routing
- Sparse training