ML | LG | May 22, 2018

Adversarially Robust Training through Structured Gradient Regularization

arXiv:1805.08736v1 | 24 citations
Originality: Incremental advance
AI Analysis

The paper addresses adversarial vulnerabilities in neural networks used in security-critical applications, but it appears incremental because it builds on existing regularization techniques.

The paper tackles the problem of adversarial robustness in neural networks by proposing a structured gradient regularizer, which adds minimal computational overhead and is simple to implement, with experiments showing it acts as an effective defense against low-level signal corruption attacks.

We propose a novel data-dependent structured gradient regularizer to increase the robustness of neural networks vis-a-vis adversarial perturbations. Our regularizer can be derived as a controlled approximation from first principles, leveraging the fundamental link between training with noise and regularization. It adds very little computational overhead during learning and is simple to implement generically in standard deep learning frameworks. Our experiments provide strong evidence that structured gradient regularization can act as an effective first line of defense against attacks based on low-level signal corruption.
