ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness

Rajkumar Theagarajan, Ming Chen, Bir Bhanu, Jing Zhang; The IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2019, pp. 6988-6996

Abstract


Defending against adversarial attacks is a critical step towards reliable deployment of deep-learning-empowered solutions for industrial applications. Probabilistic adversarial robustness (PAR) is introduced as a theoretical framework to neutralize adversarial attacks by concentrating sample probability in adversarial-free zones. Unlike most existing defense mechanisms, which require modifying the architecture or training of the target classifier, which is not feasible in real-world scenarios (e.g., when a model has already been deployed), PAR is designed from the outset to provide proactive protection to an existing fixed model. ShieldNet is implemented in this work as a demonstration of PAR using PixelCNN. Experimental results show that this approach is generalizable, robust against adversarial transferability, and resistant to a wide variety of attacks on the Fashion-MNIST and CIFAR10 datasets.

Related Material


[bibtex]
@InProceedings{Theagarajan_2019_CVPR,
author = {Theagarajan, Rajkumar and Chen, Ming and Bhanu, Bir and Zhang, Jing},
title = {ShieldNets: Defending Against Adversarial Attacks Using Probabilistic Adversarial Robustness},
booktitle = {The IEEE Conference on Computer Vision and Pattern Recognition (CVPR)},
month = {June},
year = {2019}
}