Defending Against Adversarial Examples in Deep Neural Network Classifiers

Authors
Barton, Armon
Jatho, Edgar, III
Berzins, Valdis
Subjects
System safety
AI
machine learning
adversarial examples
defenses
evaluation
Date of Issue
2021-12-31
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
The Navy and Department of Defense are prioritizing the rapid adoption of Artificial Intelligence (AI) across warfare domains to keep technological advantage in the United States’ favor. Machine learning (ML), the basis of much recent advancement in AI, suffers from a persistent and inadequately addressed critical flaw: adversarial examples. Since their discovery in 2013, many new forms of adversarial example attacks in Deep Neural Network (DNN) classifiers have been invented and many narrow and particular defenses have been proposed. None of the defenses survived counter testing. Some researchers suggested that such susceptibility may be unavoidable. To date, no effective, computationally tractable, general approach has been discovered that can shore up DNNs against this and related generalization problems. Our hypothesis is that ML model robustness and resistance to the broad class of all ML adversarial examples can be improved with approaches that declare the data-point-sparse latent space between data-dense regions of a model’s classification space as a barrier class. We investigate two distinct methods of implementing such a defense against adversarial-example-based attacks, test these defenses against the most effective attacks, and compare findings against existing state-of-the-art defenses.
Type
Technical Report
Description
Prepared for: NAVAIR
Identifiers
NPS Report Number
NPS-CS-21-002
Sponsors
NAVAIR
Format
66 p.
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.