Anti-Bandit Neural Architecture Search for Model Defense
This work addresses the problem of adversarial vulnerability in machine learning models for security-critical applications, presenting an incremental advancement in neural architecture search for defense.
The paper tackles defending deep convolutional neural networks against adversarial attacks by introducing Anti-Bandit Neural Architecture Search (ABanditNAS), which uses a novel search process with lower and upper confidence bounds to efficiently explore denoising blocks and other operations, resulting in an 8.73% improvement over prior methods on CIFAR-10 under PGD-7 attacks.
Deep convolutional neural networks (DCNNs) have dominated as the best performers in machine learning, but can be challenged by adversarial attacks. In this paper, we defend against adversarial attacks using neural architecture search (NAS), which is based on a comprehensive search of denoising blocks, weight-free operations, Gabor filters and convolutions. The resulting anti-bandit NAS (ABanditNAS) incorporates a new operation evaluation measure and search process based on the lower and upper confidence bounds (LCB and UCB). Unlike the conventional bandit algorithm, which uses UCB for evaluation only, we use UCB to abandon arms for search efficiency and LCB for a fair competition between arms. Extensive experiments demonstrate that ABanditNAS is faster than other NAS methods, while achieving an $8.73\%$ improvement over prior art on CIFAR-10 under PGD-$7$.
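The LCB/UCB roles described in the abstract, as an added sketch that is not code from the paper or its authors: the next evaluation goes to the arm with the lowest LCB, and the arm with the lowest UCB is abandoned after each round. The confidence radius (UCB1-style), the greedy lowest-LCB pick, the function and parameter names, and the accuracy values are all assumptions made for illustration; the paper's exact formulas are not on this page.

```python
import math
import random

def anti_bandit_search(true_acc, plays_per_round=20, noise=0.0, seed=0):
    """Prune candidate operations one at a time until a single one is left.

    true_acc: constructed {operation: mean adversarial accuracy} (hypothetical).
    Returns (surviving operation, operations in the order they were abandoned).
    """
    rng = random.Random(seed)
    active = list(true_acc)
    plays = {op: 0 for op in active}    # n_k: times operation k was evaluated
    mean = {op: 0.0 for op in active}   # m_k: running mean of observed accuracy

    def evaluate(op):
        # Stand-in for "train briefly with op, measure accuracy under attack".
        reward = true_acc[op] + (rng.gauss(0.0, noise) if noise else 0.0)
        plays[op] += 1
        mean[op] += (reward - mean[op]) / plays[op]

    def radius(op):
        # Assumed UCB1-style confidence radius; shrinks as op is played more.
        total = sum(plays[o] for o in active)
        return math.sqrt(2.0 * math.log(total) / plays[op])

    for op in active:                   # every arm needs one sample first
        evaluate(op)

    abandoned = []
    while len(active) > 1:
        for _ in range(plays_per_round):
            # LCB for fair competition: the arm with the most pessimistic
            # estimate (weak or under-explored) gets the next evaluation.
            evaluate(min(active, key=lambda o: mean[o] - radius(o)))
        # UCB to abandon: drop the arm whose optimistic estimate is lowest.
        worst = min(active, key=lambda o: mean[o] + radius(o))
        active.remove(worst)
        abandoned.append(worst)
    return active[0], abandoned

# Constructed accuracies for four operation types named in the abstract.
CANDIDATES = {"denoising_block": 0.50, "gabor_filter": 0.42,
              "conv_3x3": 0.46, "skip_connect": 0.30}

if __name__ == "__main__":
    winner, order = anti_bandit_search(CANDIDATES)
    print("abandoned in order:", order, "-> kept:", winner)
```

With noise-free rewards the weaker arm always accumulates at least as many evaluations as a stronger one, so its UCB is the lowest and it is abandoned first; passing a non-zero `noise` shows how sampling error can reorder the pruning.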