QuSecNets: Quantization-based Defense Mechanism for Securing Deep Neural Network against Adversarial Attacks
This addresses security vulnerabilities in deep learning models for applications like image recognition, though it is incremental as it builds on existing quantization methods.
The paper tackles the problem of adversarial attacks on convolutional neural networks by proposing two quantization-based defense mechanisms, Constant Quantization and Trainable Quantization, which increased classification accuracy on perturbed images by 50%-96% for MNIST and 10%-50% for CIFAR-10 datasets.
Adversarial examples have emerged as a significant threat to machine learning algorithms, especially to the convolutional neural networks (CNNs). In this paper, we propose two quantization-based defense mechanisms, Constant Quantization (CQ) and Trainable Quantization (TQ), to increase the robustness of CNNs against adversarial examples. CQ quantizes input pixel intensities based on a "fixed" number of quantization levels, while in TQ, the quantization levels are "iteratively learned during the training phase", thereby providing a stronger defense mechanism. We apply the proposed techniques on undefended CNNs against different state-of-the-art adversarial attacks from the open-source \textit{Cleverhans} library. The experimental results demonstrate 50%-96% and 10%-50% increase in the classification accuracy of the perturbed images generated from the MNIST and the CIFAR-10 datasets, respectively, on commonly used CNN (Conv2D(64, 8x8) - Conv2D(128, 6x6) - Conv2D(128, 5x5) - Dense(10) - Softmax()) available in \textit{Cleverhans} library.