ATRAS: Adversarially Trained Robust Architecture Search
This work addresses adversarial robustness for neural networks, but it appears incremental as it applies existing methods to analyze architecture variations without introducing new techniques.
The paper investigates how architectural completeness affects adversarial robustness by training models with varied layers and nodes on CIFAR-10 and MNIST, using FGSM attacks and adversarial training, reporting pre-attack, post-attack, and post-defense accuracies.
In this paper, we explore the effect of architecture completeness on adversarial robustness. We train models with different architectures on CIFAR-10 and MNIST dataset. For each model, we vary different number of layers and different number of nodes in the layer. For every architecture candidate, we use Fast Gradient Sign Method (FGSM) to generate untargeted adversarial attacks and use adversarial training to defend against those attacks. For each architecture candidate, we report pre-attack, post-attack and post-defense accuracy for the model as well as the architecture parameters and the impact of completeness to the model accuracies.