Biologically Inspired Mechanisms for Adversarial Robustness
This work addresses adversarial robustness for neural networks, offering incremental insights by applying known biological concepts to enhance specific defenses.
The paper tackled the problem of adversarial robustness in neural networks by investigating biologically inspired mechanisms, demonstrating that non-uniform retinal sampling and multiple receptive fields improve robustness to small adversarial perturbations without gradient obfuscation.
A convolutional neural network strongly robust to adversarial perturbations at reasonable computational and performance cost has not yet been demonstrated. The primate visual ventral stream seems to be robust to small perturbations in visual stimuli but the underlying mechanisms that give rise to this robust perception are not understood. In this work, we investigate the role of two biologically plausible mechanisms in adversarial robustness. We demonstrate that the non-uniform sampling performed by the primate retina and the presence of multiple receptive fields with a range of receptive field sizes at each eccentricity improve the robustness of neural networks to small adversarial perturbations. We verify that these two mechanisms do not suffer from gradient obfuscation and study their contribution to adversarial robustness through ablation studies.