Attack-less adversarial training for a robust adversarial defense

摘要

Adversarial examples have proved efficacious in fooling deep neural networks recently. Many researchers have studied this issue of adversarial examples by evaluating neural networks against their attack techniques and increasing the robustness of neural networks with their defense techniques. To the best of our knowledge, adversarial training is one of the most effective defense techniques against the adversarial examples. However, the method is not able to cope with new attacks because it requires attack techniques in the training phase. In this paper, we propose a novel defense technique, Attack-Less Adversarial Training (ALAT) method, which is independent from any attack techniques, thereby is useful in preventing future attacks. Specifically, ALAT regenerates every pixel of an image into different pixel value, which commonly eliminates the majority of the adversarial noises in the adversarial example. This pixel regeneration is useful in defense because the adversarial noises are the core problem that make the neural networks produce high misclassification rate. Our experiment results with several benchmark datasets show that our method not only relieves over-fitting issue during the training of neural networks with a large number of epochs, but also boosts the robustness of the neural network.