LG | Mar 4, 2023

Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes

arXiv:2303.02322v1 | 1 citations | h-index: 53
Originality: Incremental advance
AI Analysis

This work addresses the problem of adversarial robustness in neural networks for security-critical applications, representing an incremental advancement in ensemble methods.

The paper tackles the vulnerability of neural network ensembles to adaptive adversarial attacks by improving Error-Correcting Output Codes (ECOC) ensembles through architectural enhancements and diversity promotion. It demonstrates benefits for adversarial robustness compared to regular CNN ensembles, with further improvements from an adversarial training method specific to ECOC ensembles.

Neural network ensembles have been studied extensively in the context of adversarial robustness and most ensemble-based approaches remain vulnerable to adaptive attacks. In this paper, we investigate the robustness of Error-Correcting Output Codes (ECOC) ensembles through architectural improvements and ensemble diversity promotion. We perform a comprehensive robustness assessment against adaptive attacks and investigate the relationship between ensemble diversity and robustness. Our results demonstrate the benefits of ECOC ensembles for adversarial robustness compared to regular ensembles of convolutional neural networks (CNNs) and show why the robustness of previous implementations is limited. We also propose an adversarial training method specific to ECOC ensembles that allows further improvement of robustness to adaptive attacks.

Code Implementations: 1 repo