And/or trade-off in artificial neurons: impact on adversarial robustness
This addresses adversarial robustness for neural network security, but it is incremental as it builds on known neuron function concepts.
The paper tackled the problem of adversarial robustness in neural networks by hypothesizing that OR-like neurons increase vulnerability, and proposed measures to increase AND-like neurons, showing promise on MNIST.
Despite the success of neural networks, the issue of classification robustness remains, particularly highlighted by adversarial examples. In this paper, we address this challenge by focusing on the continuum of functions implemented in artificial neurons, ranging from pure AND gates to pure OR gates. Our hypothesis is that the presence of a sufficient number of OR-like neurons in a network can lead to classification brittleness and increased vulnerability to adversarial attacks. We define AND-like neurons and propose measures to increase their proportion in the network. These measures involve rescaling inputs to the [-1,1] interval and reducing the number of points in the steepest section of the sigmoidal activation function. A crucial component of our method is the comparison between a neuron's output distribution when fed with the actual dataset and a randomised version called the "scrambled dataset." Experimental results on the MNIST dataset suggest that our approach holds promise as a direction for further exploration.