A Deep Marginal-Contrastive Defense against Adversarial Attacks on 1D Models
This work aims to improve the robustness of deep learning models, specifically non-continuous ones, against adversarial attacks, for the benefit of researchers and practitioners deploying such models in security-sensitive applications. It is an incremental improvement to existing defense mechanisms.
This paper addresses the vulnerability of non-continuous deep models to adversarial attacks by proposing a novel marginal contrastive loss function. This function enforces features to lie within a specified margin, which improves the prediction of perturbed samples using deep convolutional networks like Char-CNN. Experiments on both continuous (UNSW NB15) and discrete datasets demonstrated improved performance of Char-CNN when regularized with the proposed loss function.
Deep learning algorithms have recently been targeted by attackers due to their vulnerability. Several research studies have been conducted to address this issue and build more robust deep learning models. Non-continuous deep models are still not robust against adversarial attacks, and most recent studies have focused on developing attack techniques to evade the learning process of the models. One of the main reasons behind the vulnerability of such models is that a learning classifier is unable to predict slightly perturbed samples. To address this issue, we propose a novel objective/loss function, the so-called marginal contrastive, which enforces the features to lie under a specified margin to facilitate their prediction using deep convolutional networks (i.e., Char-CNN). Extensive experiments have been conducted on continuous cases (e.g., UNSW NB15 dataset) and discrete ones (i.e., eight large-scale datasets [32]) to prove the effectiveness of the proposed method. The results revealed that the regularization of the learning process based on the proposed loss function can improve the performance of Char-CNN.