LG, ML | May 9, 2017

Generative Adversarial Trainer: Defense to Adversarial Perturbations with GAN

arXiv:1705.03387v3 | 156 citations
AI Analysis

This paper addresses the vulnerability of neural networks to adversarial attacks. It offers a novel defense method that is incremental in its use of GANs for robustness in supervised learning.

The paper tackles the problem of making neural networks robust to adversarial examples by proposing a generative adversarial network (GAN)-based adversarial training technique, where a generator creates perturbations to fool a classifier while the classifier learns to classify both original and adversarial images, resulting in significantly lower generalization error on CIFAR datasets.

We propose a novel technique to make neural networks robust to adversarial examples using a generative adversarial network. We alternately train both classifier and generator networks. The generator network generates an adversarial perturbation that can easily fool the classifier network by using a gradient of each image. Simultaneously, the classifier network is trained to classify correctly both original and adversarial images generated by the generator. These procedures help the classifier network to become more robust to adversarial perturbations. Furthermore, our adversarial training framework efficiently reduces overfitting and outperforms other regularization methods such as Dropout. We applied our method to supervised learning for CIFAR datasets, and experimental results show that our method significantly lowers the generalization error of the network. To the best of our knowledge, this is the first method which uses GAN to improve supervised learning.
