Adversarial attacks against deep neural networks (DNNs) are continuously
evolving, requiring increasingly powerful defense strategies. We develop a
novel adversarial defense framework inspired by the adaptive immune system: the
Robust Adversarial Immune-inspired Learning System (RAILS). Initializing a
population of exemplars that is balanced across classes, RAILS starts from a
uniform label distribution that encourages diversity and debiases a potentially
corrupted initial condition. RAILS implements an evolutionary optimization
process to adjust the label distribution and achieve specificity towards ground
truth. RAILS displays a tradeoff between robustness (diversity) and accuracy
(specificity), providing a new immune-inspired perspective on adversarial
learning. We empirically validate the benefits of RAILS through several
adversarial image classification experiments on MNIST, SVHN, and CIFAR-10
datasets. For the PGD attack, RAILS is found to improve the robustness over
existing methods by >= 5.62%, 12.5% and 10.32%, respectively, without
appreciable loss of standard accuracy.

Ren Wang, Tianqi Chen, Stephen Lindsly, Cooper Stansbury, Alnawaz Rehemtulla, Indika Rajapakse, Alfred Hero

