EXPLORING NEURAL NETWORK DEFENSES WITH ADVERSARIAL MIXUP
Authors
Andrianopoulos, Georgios
Subjects
AdvMix
Adversarial Mixup
PadNet
machine learning
adversarial attacks
supervised classification
neural network
NN
convolutional neural network
CNN
computer vision
None of the Above
NOTA
Advisors
Barton, Armon C.
Date of Issue
2023-03
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
Neural networks (NNs) are vulnerable to adversarial examples, and extensive research is aimed at detecting them. Detecting adversarial examples is not easy, however, even when new loss functions are built into a network. In this study, we introduce the Adversarial Mixup (AdvMix) network, a neural network that adds a None of the Above (NOTA) class on top of the existing classes to isolate the region of input space where adversarial examples lie. We investigate how effectively AdvMix improves the robustness of deep neural network models against adversarial attacks by detecting those attacks. We experimented with various data augmentation techniques and trained nine different models. Our findings show that an AdvMix network can significantly improve performance against various attacks while achieving better accuracy on benign examples. We increased the accuracy of the vanilla model from 91% to 95% and improved its robustness. In many cases, we eliminated the vulnerability of models to some popular and efficient attacks.
Type
Thesis
Department
Computer Science (CS)
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.