SANE: Exploring Adversarial Robustness With Stochastically Activated Network Ensembles

Ibrahim Ben Daya, Mohammad Javad Shafiee, Michelle Karg, Christian Scharfenberger, Alexander Wong; The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2019, pp. 95-98

Abstract


A major challenge to the adoption of deep neural networks in real-world applications is their robustness in different scenarios. Deep neural networks have been shown to be particularly susceptible to adversarial attacks: malicious perturbations to the input that fool networks into predicting the wrong label. In this study, we propose a new framework to improve adversarial robustness using stochastically activated network ensembles (SANE), where an ensemble of deep neural networks with heterogeneous architectures is stochastically activated such that a subset of the more robust networks in the ensemble is responsible for a prediction. The proposed framework treats networks as nodes in a probabilistic graphical model to detect networks in the ensemble that are likely to be robust against an adversarial attack and activates them to be part of the decision-making process. Experimental results under different adversarial attacks show that the proposed SANE can not only noticeably improve robustness to adversarial attacks compared to a general ensemble approach, but also provides further improvements against adversarial attacks when combined with additional stochastic defense mechanisms.
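As an added illustration (not the paper's code or its experimental setup), the following Python sketch shows the mechanics the abstract describes: heterogeneous ensemble members, a per-member robustness estimate, activation probabilities derived from that estimate, and a random subset of members voting on every query, so an attacker never knows which members produced a given prediction. The members, the validation set, the L_inf attack budget, the surrogate the attacker optimises against, and the use of white-box robust accuracy in place of the paper's probabilistic graphical model are all assumptions made for the example.

```python
"""Added illustration of a stochastically activated ensemble (not the paper's
code). Members are tiny linear classifiers on 2-D inputs, and the
probabilistic-graphical-model scoring of the paper is replaced by a stand-in:
each member's white-box robust accuracy on a constructed validation set."""
import random
from typing import Callable, Dict, List, Sequence, Tuple

Point = Tuple[float, float]
Weights = Tuple[float, float]
Labelled = List[Tuple[Point, int]]

# Constructed heterogeneous members; names and weights are assumptions.
MEMBERS: Dict[str, Weights] = {
    "balanced": (1.0, 1.0),  # matches the true rule x0 + x1 > 0
    "x0_only": (1.0, 0.0),   # looks at one feature only
    "x1_only": (0.0, 1.0),
    "skewed": (1.0, 0.25),   # mostly x0
}
# Constructed validation set; the label is 1 when x0 + x1 > 0.
VALIDATION: Labelled = [
    ((1.0, 1.0), 1), ((-1.0, -1.0), 0), ((1.5, -0.5), 1), ((-0.5, 1.5), 1),
    ((-1.5, 0.5), 0), ((0.5, -1.5), 0), ((0.8, 0.4), 1), ((-0.4, -0.8), 0),
]
EPS = 0.4  # L_inf budget used both for scoring members and for the attack


def sign(v: float) -> float:
    return float((v > 0) - (v < 0))


def member_predict(w: Weights, x: Point) -> int:
    return 1 if w[0] * x[0] + w[1] * x[1] > 0 else 0


def linf_attack(w: Weights, x: Point, y: int, eps: float) -> Point:
    """Worst-case L_inf perturbation of size eps against one linear model:
    every coordinate is pushed against the true class along sign(w)."""
    s = 1.0 if y == 1 else -1.0
    return (x[0] - s * eps * sign(w[0]), x[1] - s * eps * sign(w[1]))


def robust_accuracy(w: Weights, data: Labelled, eps: float) -> float:
    hits = sum(member_predict(w, linf_attack(w, x, y, eps)) == y for x, y in data)
    return hits / len(data)


def robustness_scores(members: Dict[str, Weights], data: Labelled, eps: float) -> Dict[str, float]:
    """Stand-in for the paper's PGM: score = white-box robust accuracy."""
    return {name: robust_accuracy(w, data, eps) for name, w in members.items()}


def activation_probs(scores: Dict[str, float]) -> Dict[str, float]:
    """Normalise robustness scores into per-member activation probabilities."""
    total = sum(scores.values())
    return {name: s / total for name, s in scores.items()}


def activate(probs: Dict[str, float], rng: random.Random, expected_active: int = 2) -> List[str]:
    """Switch each member on independently with probability
    min(1, expected_active * p_i); fall back to the top member if none fires."""
    active = [n for n, p in probs.items() if rng.random() < min(1.0, expected_active * p)]
    return active or [max(probs, key=probs.get)]


def vote(members: Dict[str, Weights], weights: Dict[str, float],
         active: Sequence[str], x: Point) -> int:
    """Weighted vote among the active members; a tie resolves to label 0."""
    tally = [0.0, 0.0]
    for name in active:
        tally[member_predict(members[name], x)] += weights[name]
    return 1 if tally[1] > tally[0] else 0


def surrogate_attack(members: Dict[str, Weights], data: Labelled, eps: float) -> Labelled:
    """An attacker who cannot see which members will be active crafts the
    perturbation against the average of all member weights (assumed strategy)."""
    n = len(members)
    w_avg = (sum(w[0] for w in members.values()) / n, sum(w[1] for w in members.values()) / n)
    return [(linf_attack(w_avg, x, y, eps), y) for x, y in data]


def accuracy(predict: Callable[[Point], int], data: Labelled) -> float:
    return sum(predict(x) == y for x, y in data) / len(data)


def sane_predict(members: Dict[str, Weights], scores: Dict[str, float], x: Point, rng: random.Random) -> int:
    """One SANE-style query: activate a fresh random subset, then vote."""
    return vote(members, scores, activate(activation_probs(scores), rng), x)


def stochastic_accuracy(members: Dict[str, Weights], scores: Dict[str, float],
                        data: Labelled, seed: int = 1, trials: int = 200) -> float:
    """Monte Carlo accuracy of the stochastic ensemble over repeated queries."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        total += accuracy(lambda x: sane_predict(members, scores, x, rng), data)
    return total / trials


if __name__ == "__main__":
    scores = robustness_scores(MEMBERS, VALIDATION, EPS)
    attacked = surrogate_attack(MEMBERS, VALIDATION, EPS)
    uniform = {n: 1.0 for n in MEMBERS}
    everyone = list(MEMBERS)
    print("robustness scores:", scores)
    print("activation probabilities:", activation_probs(scores))
    print("plain majority vote under attack:", accuracy(lambda x: vote(MEMBERS, uniform, everyone, x), attacked))
    print("robustness-weighted vote under attack:", accuracy(lambda x: vote(MEMBERS, scores, everyone, x), attacked))
    print("stochastic ensemble, mean over trials:", stochastic_accuracy(MEMBERS, scores, attacked))
```

On this constructed data the plain majority vote of all four members reaches 0.875 under the surrogate attack while the robustness-weighted vote reaches 1.0; the stochastic ensemble varies from query to query because a different subset answers each time, which is exactly what denies the attacker a fixed target. The scoring function here is only a placeholder for the paper's graphical-model selection, and the Bernoulli activation rule is one of several ways to realise "stochastic activation".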

Related Material


[pdf]
[bibtex]
@InProceedings{Daya_2019_CVPR_Workshops,
author = {Ben Daya, Ibrahim and Javad Shafiee, Mohammad and Karg, Michelle and Scharfenberger, Christian and Wong, Alexander},
title = {SANE: Exploring Adversarial Robustness With Stochastically Activated Network Ensembles},
booktitle = {The IEEE Conference on Computer Vision and Pattern Recognition (CVPR) Workshops},
month = {June},
year = {2019}
}