LG, CV, ML | Jul 5, 2018

Implicit Generative Modeling of Random Noise during Training for Adversarial Robustness

arXiv:1807.02188v4 | 5 citations
Originality: Incremental advance
AI Analysis

This paper addresses the problem of adversarial vulnerability in machine learning models, offering an incremental improvement by extending robustness beyond standard adversarial training in both white-box and black-box scenarios.

The paper tackles adversarial robustness in neural networks by introducing Noise-based prior Learning (NoL), which implicitly models random noise during training to improve understanding of the data manifold, resulting in models that perform well against a wide range of attacks and enhance robustness when combined with adversarial training.

We introduce a Noise-based prior Learning (NoL) approach for training neural networks that are intrinsically robust to adversarial attacks. We find that the implicit generative modeling of random noise with the same loss function used during posterior maximization improves a model's understanding of the data manifold, furthering adversarial robustness. We evaluate our approach's efficacy and provide a simplistic visualization tool for understanding adversarial data, using Principal Component Analysis. Our analysis reveals that adversarial robustness, in general, manifests in models with higher variance along the high-ranked principal components. We show that models learnt with our approach perform remarkably well against a wide range of attacks. Furthermore, combining NoL with state-of-the-art adversarial training extends the robustness of a model, even beyond what it is adversarially trained for, in both white-box and black-box attack scenarios.

Code Implementations: 1 repo