Feedback Learning for Improving the Robustness of Neural Networks
This addresses the robustness issue for neural network users, but it appears incremental as it builds on existing adversarial training methods.
The paper tackles the problem of neural networks being vulnerable to adversarial and non-adversarial evasion attacks by proposing a feedback learning method that analyzes model robustness in the decision space, resulting in significant improvements in accuracy and robustness against various attack types.
Recent research studies revealed that neural networks are vulnerable to adversarial attacks. State-of-the-art defensive techniques add various adversarial examples in training to improve models' adversarial robustness. However, these methods are not universal and can't defend unknown or non-adversarial evasion attacks. In this paper, we analyze the model robustness in the decision space. A feedback learning method is then proposed, to understand how well a model learns and to facilitate the retraining process of remedying the defects. The evaluations according to a set of distance-based criteria show that our method can significantly improve models' accuracy and robustness against different types of evasion attacks. Moreover, we observe the existence of inter-class inequality and propose to compensate it by changing the proportions of examples generated in different classes.