Exploring Neural Network Defenses with Adversarial Mixup
Abstract
Neural networks (NNs) are vulnerable to adversarial examples, and extensive research is aimed at detecting them. However, detecting adversarial examples is not easy, even with the construction of new loss functions in a network. In this study, we introduce the Adversarial Mixup (AdvMix) network, a neural network that adds a None of the Above (NOTA) class on top of the existing classes to isolate the space where adversarial examples exist. We investigate the effectiveness of AdvMix in improving the robustness of models trained on deep neural networks against adversarial attacks by detecting them. We experimented with various data augmentation techniques and trained nine different models. Our findings show that using an AdvMix network can significantly improve the performance of models against various attacks while achieving better accuracy on benign examples. We were able to increase the accuracy of the vanilla model from 91 percent to 95 percent and improve the model's robustness. In many cases, we were able to eliminate the vulnerability of models against some popular and efficient attacks.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 2023
- Accession Number
- AD1212877
Entities
People
- Georgios Andrianopoulos
Organizations
- Naval Postgraduate School