Adversarial attacks against deep neural networks (DNNs) are continuously
evolving, requiring increasingly powerful defense strategies. We develop a
novel adversarial defense framework inspired by the adaptive immune system: the
Robust Adversarial Immune-inspired Learning System (RAILS). Initializing a
population of exemplars that is balanced across classes, RAILS starts from a
uniform label distribution that encourages diversity and debiases a potentially
corrupted initial condition. RAILS implements an evolutionary optimization
process to adjust the label distribution and achieve specificity towards ground
truth. RAILS displays a tradeoff between robustness (diversity) and accuracy
(specificity), providing a new immune-inspired perspective on adversarial
learning. We empirically validate the benefits of RAILS through several
adversarial image classification experiments on MNIST, SVHN, and CIFAR-10
datasets. For the PGD attack, RAILS is found to improve the robustness over
existing methods by >= 5.62%, 12.5% and 10.32%, respectively, without
appreciable loss of standard accuracy.

Authors: <a href="http://arxiv.org/find/cs/1/au:+Wang_R/0/1/0/all/0/1">Ren Wang</a>, <a href="http://arxiv.org/find/cs/1/au:+Chen_T/0/1/0/all/0/1">Tianqi Chen</a>, <a href="http://arxiv.org/find/cs/1/au:+Lindsly_S/0/1/0/all/0/1">Stephen Lindsly</a>, <a href="http://arxiv.org/find/cs/1/au:+Stansbury_C/0/1/0/all/0/1">Cooper Stansbury</a>, <a href="http://arxiv.org/find/cs/1/au:+Rehemtulla_A/0/1/0/all/0/1">Alnawaz Rehemtulla</a>, <a href="http://arxiv.org/find/cs/1/au:+Rajapakse_I/0/1/0/all/0/1">Indika Rajapakse</a>, <a href="http://arxiv.org/find/cs/1/au:+Hero_A/0/1/0/all/0/1">Alfred Hero</a>
