LG · CV · ML · Dec 5, 2018

Regularized Ensembles and Transferability in Adversarial Learning

arXiv:1812.01821v1 · 1 citation
Originality: Incremental advance
AI Analysis

This work addresses the vulnerability of neural networks to adversarial examples, with an eye to applications that require robustness against such attacks; it reads as incremental, since it builds on existing regularization and ensemble methods rather than introducing a new defense.

The paper studies the transferability of adversarial examples between neural networks by measuring how different regularization techniques and ensembling affect it, and shows that these choices act as barriers to transfer.

Despite the considerable success of convolutional neural networks in a broad array of domains, recent research has shown these to be vulnerable to small adversarial perturbations, commonly known as adversarial examples. Moreover, such examples have been shown to be remarkably portable, or transferable, from one model to another, enabling highly successful black-box attacks. We explore this issue of transferability and robustness from two dimensions: first, considering the impact of conventional $l_p$ regularization as well as replacing the top layer with a linear support vector machine (SVM), and second, the value of combining regularized models into an ensemble. We show that models trained with different regularizers present barriers to transferability, as does partial information about the models comprising the ensemble.
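The measurement the abstract describes, as an added example that is not the paper's code or the paper's results: two logistic-regression classifiers are trained on the same constructed data with different regularizers (l2 weight decay and an l1 penalty), a third model is their logit-averaging ensemble, and one-step FGSM examples crafted against each model are evaluated against every model. The off-diagonal entries of the resulting matrix are the transfer rates a black-box attacker cares about. The input dimension, the perturbation budget EPS, the penalty weights and the training schedule are assumptions chosen for the toy; because both models are linear and learn nearly the same boundary, transfer here is almost as effective as the white-box attack, so the harness, not the numbers, is what carries over to the paper's deep models.

```python
"""Added example (not the paper's code): measuring how adversarial examples
crafted against one linear classifier transfer to another trained with a
different regularizer, and to a logit-averaging ensemble of the two.
Pure Python on constructed synthetic data, so it runs offline."""
import math
import random

D = 8           # input dimension (assumption)
EPS = 0.4       # FGSM l_inf budget per coordinate (assumption)
# Hidden ground-truth direction used to label the constructed data.
W_TRUE = [1.0 if i % 2 == 0 else -1.0 for i in range(D)]


def make_data(n, rng):
    """Constructed sample: gaussian inputs labelled by sign(W_TRUE . x)."""
    xs, ys = [], []
    for _ in range(n):
        x = [rng.gauss(0.0, 1.0) for _ in range(D)]
        ys.append(1 if sum(a * b for a, b in zip(W_TRUE, x)) > 0 else 0)
        xs.append(x)
    return xs, ys


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def train(xs, ys, penalty, lam, lr=0.1, epochs=200):
    """Full-batch gradient descent on the logistic loss plus lam * ||w||_p,
    p = 2 (weight decay) or p = 1 (subgradient of the l1 norm)."""
    w, b, n = [0.0] * D, 0.0, len(xs)
    for _ in range(epochs):
        gw, gb = [0.0] * D, 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(logit((w, b), x)) - y     # dloss/dz for the logistic loss
            for i in range(D):
                gw[i] += err * x[i]
            gb += err
        for i in range(D):
            if penalty == "l2":
                reg = 2.0 * lam * w[i]
            else:
                reg = lam * ((w[i] > 0) - (w[i] < 0))
            w[i] -= lr * (gw[i] / n + reg)
        b -= lr * gb / n
    return w, b


def ensemble(models):
    """A logit-averaging ensemble of linear models is itself a linear model."""
    k = len(models)
    w = [sum(m[0][i] for m in models) / k for i in range(D)]
    b = sum(m[1] for m in models) / k
    return w, b


def predict(model, x):
    return 1 if logit(model, x) > 0 else 0


def fgsm(model, x, y):
    """One-step l_inf attack: x + EPS * sign(dloss/dx), where dloss/dx = (p - y) w."""
    p = sigmoid(logit(model, x))
    w, _ = model
    return [xi + EPS * (((p - y) * wi > 0) - ((p - y) * wi < 0)) for xi, wi in zip(x, w)]


def accuracy(model, xs, ys):
    return sum(predict(model, x) == y for x, y in zip(xs, ys)) / len(xs)


def transfer_matrix(models, xs, ys):
    """For each source model, craft FGSM examples on the test set and report
    every target model's accuracy on them (diagonal = white-box attack)."""
    result = {}
    for src_name, src in models.items():
        adv = [fgsm(src, x, y) for x, y in zip(xs, ys)]
        for tgt_name, tgt in models.items():
            result[(src_name, tgt_name)] = accuracy(tgt, adv, ys)
    return result


def run(seed=0):
    rng = random.Random(seed)
    xtr, ytr = make_data(400, rng)
    xte, yte = make_data(200, rng)
    m_l2 = train(xtr, ytr, "l2", lam=0.01)
    m_l1 = train(xtr, ytr, "l1", lam=0.01)
    models = {"l2": m_l2, "l1": m_l1, "ens": ensemble([m_l2, m_l1])}
    clean = {name: accuracy(m, xte, yte) for name, m in models.items()}
    return clean, transfer_matrix(models, xte, yte)


if __name__ == "__main__":
    clean, tm = run()
    for name, acc in clean.items():
        print(f"clean accuracy {name:>3}: {acc:.2f}")
    for (src, tgt), acc in tm.items():
        print(f"crafted on {src:>3}, evaluated on {tgt:>3}: accuracy {acc:.2f}")
```

A drop in a target model's accuracy on examples crafted against a different source is the transfer effect; to look for the barrier the paper reports, swap the linear models for networks whose boundaries differ more than these do, and compare the off-diagonal entries across regularizers at a fixed clean accuracy.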

Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
