Deep Adversarially-Enhanced k-Nearest Neighbors
This addresses the vulnerability of deep neural networks to adversarial attacks, offering an incremental improvement for security-critical applications.
The paper tackles the robustness-accuracy trade-off in deep neural networks by proposing Deep Adversarially-Enhanced k-Nearest Neighbors (DAEkNN), which improves robustness and mitigates this trade-off on MNIST and CIFAR-10 datasets.
Recent works have theoretically and empirically shown that deep neural networks (DNNs) have an inherent vulnerability to small perturbations. Applying the Deep k-Nearest Neighbors (DkNN) classifier, we observe a dramatically increasing robustness-accuracy trade-off as the layer goes deeper. In this work, we propose a Deep Adversarially-Enhanced k-Nearest Neighbors (DAEkNN) method which achieves higher robustness than DkNN and mitigates the robustness-accuracy trade-off in deep layers through two key elements. First, DAEkNN is based on an adversarially trained model. Second, DAEkNN makes predictions by leveraging a weighted combination of benign and adversarial training data. Empirically, we find that DAEkNN improves both the robustness and the robustness-accuracy trade-off on MNIST and CIFAR-10 datasets.