L 1-norm double backpropagation adversarial defense
This addresses security vulnerabilities in neural networks for applications like image recognition, but it appears incremental as it builds on existing adversarial training methods.
The paper tackles the problem of adversarial examples in deep neural networks by proposing a penalization term to make the decision function locally less sensitive to attacks, showing promising results when combined with adversarial training.
Adversarial examples are a challenging open problem for deep neural networks. We propose in this paper to add a penalization term that forces the decision function to be at in some regions of the input space, such that it becomes, at least locally, less sensitive to attacks. Our proposition is theoretically motivated and shows on a first set of carefully conducted experiments that it behaves as expected when used alone, and seems promising when coupled with adversarial training.