Polarizing Front Ends for Robust CNNs
This addresses the problem of adversarial robustness in CNNs for security-critical applications, but it appears incremental as it builds on existing nonlinear strategies.
The paper tackled the vulnerability of deep neural networks to adversarial perturbations by proposing a nonlinear front end that polarizes and quantizes data, achieving complete elimination of perturbations in ideal cases and testing on MNIST and Fashion MNIST datasets.
The vulnerability of deep neural networks to small, adversarially designed perturbations can be attributed to their "excessive linearity." In this paper, we propose a bottom-up strategy for attenuating adversarial perturbations using a nonlinear front end which polarizes and quantizes the data. We observe that ideal polarization can be utilized to completely eliminate perturbations, develop algorithms to learn approximately polarizing bases for data, and investigate the effectiveness of the proposed strategy on the MNIST and Fashion MNIST datasets.