Robustness to Adversarial Examples through an Ensemble of Specialists
This addresses adversarial robustness in machine learning, but it appears incremental as it builds on existing ensemble and rejection approaches.
The paper tackles the problem of adversarial examples by using an ensemble of specialists based on confusion matrix patterns to identify and reject fooling instances, achieving robustness through a rejection mechanism rather than correct classification.
We are proposing to use an ensemble of diverse specialists, where speciality is defined according to the confusion matrix. Indeed, we observed that for adversarial instances originating from a given class, labeling tend to be done into a small subset of (incorrect) classes. Therefore, we argue that an ensemble of specialists should be better able to identify and reject fooling instances, with a high entropy (i.e., disagreement) over the decisions in the presence of adversaries. Experimental results obtained confirm that interpretation, opening a way to make the system more robust to adversarial examples through a rejection mechanism, rather than trying to classify them properly at any cost.