RANDOM MASK: Towards Robust Convolutional Neural Networks
This paper addresses the critical issue of neural networks' vulnerability to adversarial attacks, a concern for AI security applications, though the contribution is incremental in that it builds on existing CNN structures.
The paper tackles the problem of adversarial robustness in convolutional neural networks by introducing Random Mask, a technique that modifies existing CNN architectures to achieve state-of-the-art performance against black-box attacks without adversarial training. Its results also show that adversarial examples which fool these networks often fool humans as well.
The robustness of neural networks has recently been highlighted by adversarial examples, i.e., inputs with carefully designed perturbations added that are imperceptible to humans but cause the network to give incorrect outputs. In this paper, we design a new CNN architecture that by itself has good robustness. We introduce a simple but powerful technique, Random Mask, to modify existing CNN structures. We show that a CNN with Random Mask achieves state-of-the-art performance against black-box adversarial attacks without applying any adversarial training. We next investigate the adversarial examples which 'fool' a CNN with Random Mask. Surprisingly, we find that these adversarial examples often 'fool' humans as well. This raises fundamental questions on how to define adversarial examples and robustness properly.
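The abstract does not spell out what "modifying existing CNN structures" means in practice. The block below is an added illustration, not code from the paper or its authors, of the basic idea as I understand it: a binary mask over a convolutional layer's output feature map is drawn once from a seeded random source and then held fixed for every input, at training and inference alike, so that a fixed, randomly chosen subset of units is simply absent from the network. This is the property that separates such a mask from dropout, which redraws its mask per input and is switched off at test time. The layer name `MaskedConvLayer`, the helper names, the pure-Python convolution, and the sample images are all my own constructions; real implementations mask multi-channel feature maps inside a deep-learning framework.

```python
import random

# Added illustration, not the paper's code: a single-channel convolution whose
# output feature map has a FIXED random subset of units removed. The mask is
# drawn once (seeded) and reused for every forward pass, unlike dropout.


def conv2d_valid(image, kernel):
    """Single-channel 2-D 'valid' cross-correlation on nested lists of numbers."""
    h, w = len(image), len(image[0])
    kh, kw = len(kernel), len(kernel[0])
    out = []
    for i in range(h - kh + 1):
        row = []
        for j in range(w - kw + 1):
            acc = 0.0
            for a in range(kh):
                for b in range(kw):
                    acc += image[i + a][j + b] * kernel[a][b]
            row.append(acc)
        out.append(row)
    return out


def make_random_mask(height, width, drop_ratio, seed):
    """Binary mask over a height x width feature map: 1 keeps a unit, 0 removes it.

    The seed makes the draw reproducible, so the identical mask is obtained
    whenever the layer is rebuilt (e.g. at training and at inference time).
    """
    rng = random.Random(seed)
    return [[0 if rng.random() < drop_ratio else 1 for _ in range(width)]
            for _ in range(height)]


class MaskedConvLayer:
    """Hypothetical layer: convolution followed by a fixed random mask."""

    def __init__(self, kernel, out_height, out_width, drop_ratio, seed):
        self.kernel = kernel
        # Drawn once here and never redrawn inside forward().
        self.mask = make_random_mask(out_height, out_width, drop_ratio, seed)

    def forward(self, image):
        fmap = conv2d_valid(image, self.kernel)
        return [[fmap[i][j] * self.mask[i][j] for j in range(len(fmap[0]))]
                for i in range(len(fmap))]


def masked_fraction(mask):
    """Share of units the mask removes (close to drop_ratio for large maps)."""
    total = sum(len(row) for row in mask)
    removed = sum(1 for row in mask for m in row if m == 0)
    return removed / total


def mask_is_respected(layer, image):
    """True iff every removed unit is exactly zero and every kept unit is untouched."""
    fmap = conv2d_valid(image, layer.kernel)
    out = layer.forward(image)
    for i, row in enumerate(layer.mask):
        for j, keep in enumerate(row):
            expected = fmap[i][j] if keep else 0.0
            if out[i][j] != expected:
                return False
    return True


def removed_positions(layer, image):
    """Feature-map positions that come out as zero for this input.

    Only meaningful when image and kernel are strictly positive, so that a
    zero can only come from the mask and never from the convolution itself.
    """
    out = layer.forward(image)
    return {(i, j) for i in range(len(out)) for j in range(len(out[0]))
            if out[i][j] == 0.0}


def same_units_removed(layer, images):
    """True iff the same positions are zeroed for every input in `images`.

    A per-input perturbation changes the values that survive the mask but
    cannot change which units are absent; that is the fixed-mask property.
    """
    sets = [removed_positions(layer, img) for img in images]
    return all(s == sets[0] for s in sets[1:])


def sample_image(size):
    """Constructed strictly positive gradient image, size x size."""
    return [[float(i + j + 1) for j in range(size)] for i in range(size)]


def perturb(image, eps):
    """Constructed small additive perturbation of every pixel."""
    return [[v + eps for v in row] for row in image]


if __name__ == "__main__":
    layer = MaskedConvLayer([[1, 1], [1, 1]], 5, 5, drop_ratio=0.3, seed=3)
    clean, noisy = sample_image(6), perturb(sample_image(6), 0.01)
    print("mask removes", masked_fraction(layer.mask), "of the units")
    print("same units removed for clean and perturbed input:",
          same_units_removed(layer, [clean, noisy]))
```

The check that matters for the robustness argument is `same_units_removed`: the two inputs differ everywhere, yet the zero pattern in the feature map is identical, because the mask was fixed at construction rather than derived from the input.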