Deep Minimax Probability Machine
This paper addresses the problem of adversarial robustness in deep learning for applications that require reliable classification, but the contribution is incremental, as it builds on existing MPM methods.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing the Deep Minimax Probability Machine (DeepMPM), which integrates MPM into deep networks to minimize an upper bound on the misclassification probability. In experiments on two real-world datasets it achieves classification performance comparable to CNNs and improved robustness against adversarial attacks.
Deep neural networks enjoy a powerful representation and have proven effective in a number of applications. However, recent advances show that deep neural networks are vulnerable to adversarial attacks carried out with so-called adversarial examples. Although an adversarial example differs only slightly from the input sample, the neural network assigns it to the wrong class. To alleviate this problem, we propose the Deep Minimax Probability Machine (DeepMPM), which applies MPM to deep neural networks in an end-to-end fashion. MPM considers a worst-case scenario: using only global information about each class (its mean and covariance), it minimizes an upper bound on the probability of misclassification. DeepMPM can be more robust because it learns this worst-case bound on the misclassification probability of future data. Experiments on two real-world datasets show that DeepMPM achieves classification performance comparable to a CNN while being more robust to adversarial attacks.
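As an added illustration (not code from the paper), the script below fits the classical linear MPM of Lanckriet et al. in two dimensions on constructed sample points and evaluates the worst-case bound the abstract refers to: for a fixed hyperplane and a class known only by its mean and covariance, the Marshall-Olkin inequality gives the largest misclassification probability any distribution with those moments can reach, and MPM chooses the hyperplane that makes that bound smallest for both classes. The network layers of DeepMPM are not modelled; the data points, the grid-search solver and the function names are assumptions of this example.

```python
# Added example: classical linear MPM (Lanckriet et al.) in 2-D, pure Python; not the paper's DeepMPM.
import math

# Constructed two-class sample (not from the paper's datasets).
POS = [(2.0, 2.0), (3.0, 2.0), (2.0, 3.0), (3.0, 3.0), (2.5, 3.5)]
NEG = [(-2.0, -2.0), (-3.0, -2.0), (-2.0, -3.0), (-3.0, -3.0), (-1.5, -2.5)]

def mean_cov(pts):
    """Sample mean and 2x2 covariance: the only class information MPM uses."""
    n = len(pts)
    mx, my = sum(p[0] for p in pts) / n, sum(p[1] for p in pts) / n
    sxx = sum((p[0] - mx) ** 2 for p in pts) / n
    syy = sum((p[1] - my) ** 2 for p in pts) / n
    sxy = sum((p[0] - mx) * (p[1] - my) for p in pts) / n
    return (mx, my), ((sxx, sxy), (sxy, syy))

def quad(a, S):
    """a^T S a for a 2-vector and a 2x2 matrix."""
    return a[0] * (S[0][0] * a[0] + S[0][1] * a[1]) + a[1] * (S[1][0] * a[0] + S[1][1] * a[1])

def worst_case_error(mu, S, a, b, side):
    """Marshall-Olkin bound: the largest Pr(a.z on the wrong side of b) over every
    distribution with mean mu and covariance S. side=+1 means the class needs a.z >= b."""
    margin = side * (a[0] * mu[0] + a[1] * mu[1] - b)
    if margin <= 0:                  # class mean itself misclassified: bound is vacuous
        return 1.0
    d2 = margin ** 2 / quad(a, S)    # squared Mahalanobis distance from mean to hyperplane
    return 1.0 / (1.0 + d2)

def fit_mpm(pos, neg, steps=3600):
    """Maximise alpha such that both classes have worst-case error <= 1 - alpha.
    In 2-D the convex MPM objective is minimised by scanning hyperplane directions."""
    (mu_x, S_x), (mu_y, S_y) = mean_cov(pos), mean_cov(neg)
    diff = (mu_x[0] - mu_y[0], mu_x[1] - mu_y[1])
    best = (math.inf, None)
    for k in range(steps):
        c, s = math.cos(math.pi * k / steps), math.sin(math.pi * k / steps)
        proj = c * diff[0] + s * diff[1]
        if abs(proj) < 1e-12:
            continue
        a = (c / proj, s / proj)                               # enforce a.(mu_x - mu_y) = 1
        f = math.sqrt(quad(a, S_x)) + math.sqrt(quad(a, S_y))  # MPM objective
        if f < best[0]:
            best = (f, a)
    f, a = best
    kappa = 1.0 / f                                    # kappa = sqrt(alpha / (1 - alpha))
    b = a[0] * mu_x[0] + a[1] * mu_x[1] - kappa * math.sqrt(quad(a, S_x))
    return a, b, kappa ** 2 / (1.0 + kappa ** 2), (mu_x, S_x, mu_y, S_y)

def classify(a, b, z):
    return 1 if a[0] * z[0] + a[1] * z[1] >= b else -1
```

At the optimum both classes reach the same worst-case error 1 - alpha, which is what makes the bound a global, moment-based guarantee rather than a statement about the training points.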