CV | LG | Mar 8, 2021

Improving Global Adversarial Robustness Generalization With Adversarially Trained GAN

arXiv:2103.04513v1
2 citations
Originality: Incremental advance
AI Analysis

This paper addresses the security issue of adversarial attacks on CNN-based image classification systems, representing an incremental improvement over existing defense methods.

The paper tackles the problem of adversarial vulnerability in CNNs by proposing ATGAN, which improves adversarial robustness generalization without relying on obfuscated gradients, achieving better performance than state-of-the-art adversarially trained CNNs on datasets like MNIST, SVHN, and CIFAR-10.

Convolutional neural networks (CNNs) have achieved beyond human-level accuracy in the image classification task and are widely deployed in real-world environments. However, CNNs show vulnerability to adversarial perturbations that are well-designed noises aiming to mislead the classification models. In order to defend against the adversarial perturbations, adversarially trained GAN (ATGAN) is proposed to improve the adversarial robustness generalization of the state-of-the-art CNNs trained by adversarial training. ATGAN incorporates adversarial training into standard GAN training procedure to remove obfuscated gradients which can lead to a false sense in defending against the adversarial perturbations and are commonly observed in existing GANs-based adversarial defense methods. Moreover, ATGAN adopts the image-to-image generator as data augmentation to increase the sample complexity needed for adversarial robustness generalization in adversarial training. Experimental results on the MNIST, SVHN, and CIFAR-10 datasets show that the proposed method doesn't rely on obfuscated gradients and achieves better global adversarial robustness generalization performance than the adversarially trained state-of-the-art CNNs.
