The robust way to stack and bag: the local Lipschitz way
This addresses the problem of adversarial vulnerability in neural networks for machine learning practitioners, offering an incremental improvement over existing ensemble methods.
The paper tackled improving adversarial robustness of neural networks by constructing ensembles based on local Lipschitz constants, resulting in increased robustness against white-box attacks like FGSM and PGD on MNIST and CIFAR-10 datasets compared to single networks and traditional ensembles.
Recent research has established that the local Lipschitz constant of a neural network directly influences its adversarial robustness. We exploit this relationship to construct an ensemble of neural networks which not only improves the accuracy, but also provides increased adversarial robustness. The local Lipschitz constants for two different ensemble methods - bagging and stacking - are derived and the architectures best suited for ensuring adversarial robustness are deduced. The proposed ensemble architectures are tested on MNIST and CIFAR-10 datasets in the presence of white-box attacks, FGSM and PGD. The proposed architecture is found to be more robust than a) a single network and b) traditional ensemble methods.