May 4, 2022

CE-based white-box adversarial attacks will not work using super-fitting

arXiv:2205.02741v2
h-index: 8
AI Analysis

This addresses a critical security problem for high-risk systems by enhancing model resilience against adversarial attacks, representing a novel defense approach.

The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing a defense method that uses a super-fitting state to improve adversarial robustness, mathematically proving its effectiveness and demonstrating it achieves the highest robustness compared to nearly 50 other defense models.

Deep neural networks are widely used in various fields because of their powerful performance. However, recent studies have shown that deep learning models are vulnerable to adversarial attacks, i.e., adding a slight perturbation to the input will make the model obtain wrong results. This is especially dangerous for some systems with high-security requirements, so this paper proposes a new defense method by using the model super-fitting state to improve the model's adversarial robustness (i.e., the accuracy under adversarial attacks). This paper mathematically proves the effectiveness of super-fitting and enables the model to reach this state quickly by minimizing unrelated category scores (MUCS). Theoretically, super-fitting can resist any existing (even future) CE-based white-box adversarial attacks. In addition, this paper uses a variety of powerful attack algorithms to evaluate the adversarial robustness of super-fitting, and the proposed method is compared with nearly 50 defense models from recent conferences. The experimental results show that the super-fitting method in this paper can make the trained model obtain the highest adversarial robustness.
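The abstract scopes the guarantee to CE-based white-box attacks. The arithmetic behind that scope, as an added illustration that is not code from the paper: the gradient of the cross-entropy loss with respect to the logits is softmax(z) minus the one-hot label, so once the non-target scores are driven far enough below the target score (the MUCS direction), the softmax is numerically one-hot and the CE gradient is exactly zero, leaving a gradient-based CE attack with no direction to follow. The sample logits are constructed, and the margin-loss comparison is my own addition to show where the "CE-based" qualifier matters.

```python
import math

def softmax(z):
    """Numerically stable softmax over a list of logits."""
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]

def ce_grad_wrt_logits(z, y):
    """d/dz of the cross-entropy loss -log softmax(z)[y]: softmax(z) - onehot(y)."""
    p = softmax(z)
    return [p[i] - (1.0 if i == y else 0.0) for i in range(len(z))]

def margin_grad_wrt_logits(z, y):
    """d/dz of a logit-margin loss z[y] - max_{i != y} z[i] (not CE-based).
    Returns +1 at the label, -1 at the strongest competing class."""
    j = max(range(len(z)), key=lambda i: -math.inf if i == y else z[i])
    return [1.0 if i == y else (-1.0 if i == j else 0.0) for i in range(len(z))]

def grad_norm(g):
    return math.sqrt(sum(v * v for v in g))

def ce_gradient_available(z, y, tol=0.0):
    """True if a CE-based attacker gets any gradient signal from these logits."""
    return grad_norm(ce_grad_wrt_logits(z, y)) > tol

# Constructed sample logits for a 3-class model; class 0 is the true label.
NORMAL_LOGITS = [2.0, 1.0, 0.5]          # ordinary well-fit model
SUPERFIT_LOGITS = [2.0, -800.0, -800.0]  # unrelated category scores minimized

if __name__ == "__main__":
    for name, z in [("normal", NORMAL_LOGITS), ("super-fit", SUPERFIT_LOGITS)]:
        print(name, "CE grad:", ce_grad_wrt_logits(z, 0),
              "margin grad:", margin_grad_wrt_logits(z, 0))
```

Under IEEE doubles exp(-802) underflows to 0.0, so the super-fit case yields a CE gradient of exactly [0.0, 0.0, 0.0] rather than merely a small one, while the same logits still give a non-zero gradient for a margin loss defined directly on the logits; that difference is what the abstract's restriction to CE-based attacks reflects.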
