Mitigating the impact of adversarial attacks in very deep networks

Mohammed Hassanin, Ibrahim Radwan, Nour Moustafa, Murat Tahtali, Neeraj Kumar

Research output: Contribution to journalArticlepeer-review

Abstract

Deep Neural Network (DNN) models have vulnerabilities related to security concerns, with attackers usually employing complex hacking techniques to expose their structures. Data poisoning-enabled perturbation attacks are complex adversarial ones that inject false data into models. They negatively impact the learning process, with no benefit to deeper networks, as they degrade a model’s accuracy and convergence rates. In this paper, we propose an attack-agnostic-based defense method for mitigating their influence. In it, a Defensive Feature Layer (DFL) is integrated with a well-known DNN architecture which assists in neutralizing the effects of illegitimate perturbation samples in the feature space. To boost the robustness and trustworthiness of this method for correctly classifying attacked input samples, we regularize the hidden space of a trained model with a discriminative loss function called Polarized Contrastive Loss (PCL). It improves discrimination among samples in different classes and maintains the resemblance of those in the same class. Also, we integrate a DFL and PCL in a compact model for defending against data poisoning attacks. This method is trained and tested using the CIFAR-10 and MNIST datasets with data poisoning-enabled perturbation attacks, with the experimental results revealing its excellent performance compared with those of recent peer techniques.
Original languageEnglish
Article number107231
Pages (from-to)1-8
Number of pages8
JournalApplied Soft Computing
Volume105
DOIs
Publication statusPublished - 2021

Fingerprint Dive into the research topics of 'Mitigating the impact of adversarial attacks in very deep networks'. Together they form a unique fingerprint.

Cite this