Corpus ID: 14993720

Biologically inspired protection of deep networks from adversarial attacks

@article{Nayebi2017BiologicallyIP,
  title={Biologically inspired protection of deep networks from adversarial attacks},
  author={Aran Nayebi and Surya Ganguli},
  journal={ArXiv},
  year={2017},
  volume={abs/1703.09202}
}
Inspired by biophysical principles underlying nonlinear dendritic computation in neural circuits, we develop a scheme to train deep neural networks to make them robust to adversarial attacks. Our scheme generates highly nonlinear, saturated neural networks that achieve state of the art performance on gradient based adversarial examples on MNIST, despite never being exposed to adversarially chosen examples during training. Moreover, these networks exhibit unprecedented robustness to targeted… 


Towards Natural Robustness Against Adversarial Examples
TLDR
This paper theoretically proves that there is an upper bound for neural networks with identity mappings to constrain the error caused by adversarial noises, and demonstrates that a new family of deep neural networks called Neural ODEs (Chen et al., 2018) holds a weaker upper bound.
Comment on "Biologically inspired protection of deep networks from adversarial attacks"
TLDR
This work analyzes saturated networks and shows that the attacks fail due to numerical limitations in the gradient computations, and suggests a simple stabilisation of the gradient estimates enables successful and efficient attacks.
Stochastic Activation Pruning for Robust Adversarial Defense
TLDR
Stochastic Activation Pruning (SAP) is proposed, a mixed strategy for adversarial defense that prunes a random subset of activations (preferentially pruning those with smaller magnitude) and scales up the survivors to compensate.
Generative Adversarial Networks for Adversarial Training
TLDR
This paper casts the problem as a minimax zero-sum game between the adversary and the defender to show that there are better methods than the fast gradient sign method to create adversarial examples and to enhance robustness against adversarial examples.
Towards Improving Robustness of Deep Neural Networks to Adversarial Perturbations
TLDR
This work shows how a deep convolutional neural network (CNN), based on non-smooth regularization of convolution and fully connected layers, can present enhanced generalization and robustness to adversarial perturbation, simultaneously.
RAID: Randomized Adversarial-Input Detection for Neural Networks
TLDR
A novel technique for adversarial-image detection, RAID, is proposed that trains a secondary classifier to identify differences in neuron activation values between benign and adversarial inputs to increase its robustness against detection-aware adversaries.
Early Layers Are More Important For Adversarial Robustness
TLDR
A novel method to measure and attribute adversarial effectiveness to each layer, based on partial adversarial training, finds that, while all layers in an adversarially trained network contribute to robustness, earlier layers play a more crucial role.
Improving the Adversarial Robustness and Interpretability of Deep Neural Networks by Regularizing their Input Gradients
TLDR
It is demonstrated that regularizing input gradients makes them more naturally interpretable as rationales for model predictions, and also exhibits robustness to transferred adversarial examples generated to fool all of the other models.

References

Showing 1-10 of 26 references
Comment on "Biologically inspired protection of deep networks from adversarial attacks"
TLDR
This work analyzes saturated networks and shows that the attacks fail due to numerical limitations in the gradient computations, and suggests a simple stabilisation of the gradient estimates enables successful and efficient attacks.
Towards Deep Neural Network Architectures Robust to Adversarial Examples
TLDR
Deep Contractive Network is proposed, a model with a new end-to-end training procedure that includes a smoothness penalty inspired by the contractive autoencoder (CAE) to increase the network robustness to adversarial examples, without a significant performance penalty.
Distillation as a Defense to Adversarial Perturbations Against Deep Neural Networks
TLDR
The study shows that defensive distillation can reduce the effectiveness of adversarial sample creation from 95% to less than 0.5% on a studied DNN, and analytically investigates the generalizability and robustness properties granted by the use of defensive distillation when training DNNs.
Explaining and Harnessing Adversarial Examples
TLDR
It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.
The Limitations of Deep Learning in Adversarial Settings
TLDR
This work formalizes the space of adversaries against deep neural networks (DNNs) and introduces a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
Distributional Smoothing with Virtual Adversarial Training
TLDR
When the LDS-based regularization was applied to supervised and semi-supervised learning on the MNIST dataset, it outperformed all training methods other than the current state-of-the-art method, which is based on a highly advanced generative model.
Intriguing properties of neural networks
TLDR
It is found that there is no distinction between individual high-level units and random linear combinations of high-level units, according to various methods of unit analysis, and it is suggested that it is the space, rather than the individual units, that contains the semantic information in the high layers of neural networks.
Exponential expressivity in deep neural networks through transient chaos
TLDR
The theoretical analysis of the expressive power of deep networks broadly applies to arbitrary nonlinearities, and provides a quantitative underpinning for previously abstract notions about the geometry of deep functions.
Deep Learning Models of the Retinal Response to Natural Scenes
TLDR
It is demonstrated that deep convolutional neural networks not only accurately capture sensory circuit responses to natural scenes, but also can yield information about the circuit's internal structure and function.
Deep Neural Networks: A New Framework for Modeling Biological Vision and Brain Information Processing.
N. Kriegeskorte. Annual Review of Vision Science, 2015. (Biology, Computer Science)
TLDR
This work states that biologically faithful feedforward and recurrent computational models of how biological brains perform high-level feats of intelligence, including vision, are entering an exciting new era.