CV | Jul 20, 2020

Evaluating a Simple Retraining Strategy as a Defense Against Adversarial Attacks

arXiv:2007.09916v1 | 2 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the problem of securing neural networks against adversarial attacks for AI practitioners, but it is incremental, as it builds on existing retraining methods.

The paper tackles the vulnerability of deep neural networks to adversarial attacks by evaluating a retraining strategy with adversarial images, showing results on CIFAR-10 and TinyImageNet datasets.

Though deep neural networks (DNNs) have shown superiority over other techniques in major fields like computer vision, natural language processing, and robotics, it has recently been proven that they are vulnerable to adversarial attacks. The addition of a simple, small and almost invisible perturbation to the original input image can be used to fool DNNs into making wrong decisions. With more attack algorithms being designed, a need for defending neural networks from such attacks arises. Retraining the network with adversarial images is one of the simplest techniques. In this paper, we evaluate the effectiveness of such a retraining strategy in defending against adversarial attacks. We also show how simple algorithms like KNN can be used to determine the labels of the adversarial images needed for retraining. We present the results on two standard datasets, namely CIFAR-10 and TinyImageNet.
