LG | AI | May 6, 2024

Is ReLU Adversarially Robust?

arXiv:2405.03777v14 citations | LatinX in AI at International Conference on Machine Learning 2023
Originality: Incremental advance
AI Analysis

This paper addresses a security problem for deep learning practitioners by offering an incremental improvement in model robustness against adversarial attacks.

The paper tackles the vulnerability of deep learning models to adversarial examples by focusing on ReLU activation functions, finding that ReLU is not robust and proposing a modified version that improves robustness, with experiments showing enhanced performance through adversarial training.

The efficacy of deep learning models has been called into question by the presence of adversarial examples. Addressing the vulnerability of deep learning models to adversarial examples is crucial for ensuring their continued development and deployment. In this work, we focus on the role of rectified linear unit (ReLU) activation functions in the generation of adversarial examples. ReLU functions are commonly used in deep learning models because they facilitate the training process. However, our empirical analysis demonstrates that ReLU functions are not robust against adversarial examples. We propose a modified version of the ReLU function, which improves robustness against adversarial examples. Our results are supported by an experiment, which confirms the effectiveness of our proposed modification. Additionally, we demonstrate that applying adversarial training to our customized model further enhances its robustness compared to a general model.
