Read Books Online and Download eBooks, EPub, PDF, Mobi, Kindle, Text Full Free.
Towards Model Robustness And Generalization Against Adversarial Examples For Deep Neural Networks
Download Towards Model Robustness And Generalization Against Adversarial Examples For Deep Neural Networks full books in PDF, epub, and Kindle. Read online Towards Model Robustness And Generalization Against Adversarial Examples For Deep Neural Networks ebook anywhere anytime directly on your device. Fast Download speed and no annoying ads. We cannot guarantee that every ebooks is available!
Book Synopsis Towards Model Robustness and Generalization Against Adversarial Examples for Deep Neural Networks by : Shufei Zhang
Download or read book Towards Model Robustness and Generalization Against Adversarial Examples for Deep Neural Networks written by Shufei Zhang and published by . This book was released on 2021 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt:
Book Synopsis On the Robustness of Neural Network: Attacks and Defenses by : Minhao Cheng
Download or read book On the Robustness of Neural Network: Attacks and Defenses written by Minhao Cheng and published by . This book was released on 2021 with total page 158 pages. Available in PDF, EPUB and Kindle. Book excerpt: Neural networks provide state-of-the-art results for most machine learning tasks. Unfortunately, neural networks are vulnerable to adversarial examples. That is, a slightly modified example could be easily generated and fool a well-trained image classifier based on deep neural networks (DNNs) with high confidence. This makes it difficult to apply neural networks in security-critical areas. To find such examples, we first introduce and define adversarial examples. In the first part, we then discuss how to build adversarial attacks in both image and discrete domains. For image classification, we introduce how to design an adversarial attacker in three different settings. Among them, we focus on the most practical setup for evaluating the adversarial robustness of a machine learning system with limited access: the hard-label black-box attack setting for generating adversarial examples, where limited model queries are allowed and only the decision is provided to a queried data input. For the discrete domain, we first talk about its difficulty and introduce how to conduct the adversarial attack on two applications. While crafting adversarial examples is an important technique to evaluate the robustness of DNNs, there is a huge need for improving the model robustness as well. Enhancing model robustness under new and even adversarial environments is a crucial milestone toward building trustworthy machine learning systems. In the second part, we talk about the methods to strengthen the model's adversarial robustness. We first discuss attack-dependent defense. Specifically, we first discuss one of the most effective methods for improving the robustness of neural networks: adversarial training and its limitations. We introduce a variant to overcome its problem. Then we take a different perspective and introduce attack-independent defense. We summarize the current methods and introduce a framework-based vicinal risk minimization. Inspired by the framework, we introduce self-progressing robust training. Furthermore, we discuss the robustness trade-off problem and introduce a hypothesis and propose a new method to alleviate it.
Book Synopsis Malware Detection by : Mihai Christodorescu
Download or read book Malware Detection written by Mihai Christodorescu and published by Springer Science & Business Media. This book was released on 2007-03-06 with total page 307 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book captures the state of the art research in the area of malicious code detection, prevention and mitigation. It contains cutting-edge behavior-based techniques to analyze and detect obfuscated malware. The book analyzes current trends in malware activity online, including botnets and malicious code for profit, and it proposes effective models for detection and prevention of attacks using. Furthermore, the book introduces novel techniques for creating services that protect their own integrity and safety, plus the data they manage.
Book Synopsis Towards Robust Deep Neural Networks by : Andras Rozsa
Download or read book Towards Robust Deep Neural Networks written by Andras Rozsa and published by . This book was released on 2018 with total page 150 pages. Available in PDF, EPUB and Kindle. Book excerpt: One of the greatest technological advancements of the 21st century has been the rise of machine learning. This thriving field of research already has a great impact on our lives and, considering research topics and the latest advancements, will continue to rapidly grow. In the last few years, the most powerful machine learning models have managed to reach or even surpass human level performance on various challenging tasks, including object or face recognition in photographs. Although we are capable of designing and training machine learning models that perform extremely well, the intriguing discovery of adversarial examples challenges our understanding of these models and raises questions about their real-world applications. That is, vulnerable machine learning models misclassify examples that are indistinguishable from correctly classified examples by human observers. Furthermore, in many cases a variety of machine learning models having different architectures and/or trained on different subsets of training data misclassify the same adversarial example formed by an imperceptibly small perturbation. In this dissertation, we mainly focus on adversarial examples and closely related research areas such as quantifying the quality of adversarial examples in terms of human perception, proposing algorithms for generating adversarial examples, and analyzing the cross-model generalization properties of such examples. We further explore the robustness of facial attribute recognition and biometric face recognition systems to adversarial perturbations, and also investigate how to alleviate the intriguing properties of machine learning models.
Book Synopsis Towards Adversarial Robustness of Feed-forward and Recurrent Neural Networks by : Qinglong Wang
Download or read book Towards Adversarial Robustness of Feed-forward and Recurrent Neural Networks written by Qinglong Wang and published by . This book was released on 2020 with total page pages. Available in PDF, EPUB and Kindle. Book excerpt: "Recent years witnessed the successful resurgence of neural networks through the lens of deep learning research. As the spread of deep neural network (DNN) continues to reach multifarious branches of research, including computer vision, natural language processing, and malware detection, it has been found that the vulnerability of these powerful models is equally impressive as their capability in classification tasks. Specifically, research on the adversarial example problem exposes that DNNs, albeit powerful when confronted with legitimate samples, suffer severely from adversarial examples. These synthetic examples can be created by slightly modifying legitimate samples. We speculate that this vulnerability may significantly impede an extensive adoption of DNNs in safety-critical domains. This thesis aims to comprehend some of the mysteries of this vulnerability of DNN, design generic frameworks and deployable algorithms to protect DNNs with different architectures from attacks armed with adversarial examples. We first conduct a thorough exploration of existing research on explaining the pervasiveness of adversarial examples. We unify the hypotheses raised in existing work by extracting three major influencing factors, i.e., data, model, and training. These factors are also helpful in locating different attack and defense methods proposed in the research spectrum and analyzing their effectiveness and limitations. Then we perform two threads of research on neural networks with feed-forward and recurrent architectures, respectively. In the first thread, we focus on the adversarial robustness of feed-forward neural networks, which have been widely applied to process images. Under our proposed generic framework, we design two types of adversary resistant feed-forward networks that weaken the destructive power of adversarial examples and even prevent their creation. We theoretically validate the effectiveness of our methods and empirically demonstrate that they significantly boost a DNN's adversarial robustness while maintaining high accuracy in classification. Our second thread of study focuses on the adversarial robustness of the recurrent neural network (RNN), which represents a variety of networks typically used for processing sequential data. We develop an evaluation framework and propose to quantitatively evaluate RNN's adversarial robustness with deterministic finite automata (DFA), which represent rigorous rules and can be extracted from RNNs, and a distance metric suitable for strings. We demonstrate the feasibility of using extracted DFA as rules through conducting careful experimental studies to identify key conditions that affect the extraction performance. Moreover, we theoretically establish the correspondence between different RNNs and different DFA, and empirically validate the correspondence by evaluating and comparing different RNNs for their extraction performance. At last, we develop an algorithm under our framework and conduct a case study to evaluate the adversarial robustness of different RNNs on a set of regular grammars"--
Book Synopsis Towards Adversarial Robustness of Deep Neural Networks by : Puyudi Yang
Download or read book Towards Adversarial Robustness of Deep Neural Networks written by Puyudi Yang and published by . This book was released on 2020 with total page 0 pages. Available in PDF, EPUB and Kindle. Book excerpt: Robustness to adversarial perturbation has become an extremely important criterion for applications of deep neural networks in many security-sensitive domains such as spam detection, fraud detection, criminal justice, malware detection, and financial markets. Thus, for a given model in security sensitive applications, the evaluation of its robustness to adversarial attacks are more and more crucial. In this thesis, we present a probabilistic framework for generating adversarial attacks on discrete data. Based on this framework, we derive a perturbation-based method, Greedy Attack, and a scalable learning-based method, Gumbel Attack, that illustrate various trade-offs in the design of attacks. We also propose a meta algorithm called BOSH-attack that boost the performance of current decision-based attack algorithms under the hard-label black-box setting. Finally we develop a detection method to detect maliciously crafted adversarial examples via tools in model interpretation.
Book Synopsis Evaluating and Certifying the Adversarial Robustness of Neural Language Models by : Muchao Ye
Download or read book Evaluating and Certifying the Adversarial Robustness of Neural Language Models written by Muchao Ye and published by . This book was released on 2024 with total page 0 pages. Available in PDF, EPUB and Kindle. Book excerpt: Language models (LMs) built by deep neural networks (DNNs) have achieved great success in various areas of artificial intelligence, which have played an increasingly vital role in profound applications including chatbots and smart healthcare. Nonetheless, the vulnerability of DNNs against adversarial examples still threatens the application of neural LMs to safety-critical tasks. To specify, DNNs will change their correct predictions into incorrect ones when small perturbations are added to the original input texts. In this dissertation, we identify key challenges in evaluating and certifying the adversarial robustness of neural LMs and bridge those gaps through efficient hard-label text adversarial attacks and a unified certified robust training framework. The first step of developing neural LMs with high adversarial robustness is evaluating whether they are empirically robust against perturbed texts. The vital technique related to that is the text adversarial attack, which aims to construct a text that can fool LMs. Ideally, it shall output high-quality adversarial examples in a realistic setting with high efficiency. However, current evaluation pipelines proposed in the realistic hard-label setting adopt heuristic search methods, consequently meeting an inefficiency problem. To tackle this limitation, we introduce a series of hard-label text adversarial attack methods, which successfully tackle the inefficiency problem by using a pretrained word embedding space as an intermediate. A deep dive into this idea illustrates that utilizing an estimated decision boundary in the introduced word embedding space helps improve the quality of crafted adversarial examples. The ultimate goal of constructing robust neural LMs is obtaining ones for which adversarial examples do not exist, which can be realized through certified robust training. The research community has proposed different types of certified robust training either in the discrete input space or in the continuous latent feature space. We discover the structural gap within current pipelines and unify them in the word embedding space. By removing unnecessary bound computation modules, i.e., interval bound propagation, and harnessing a new decoupled regularization learning paradigm, our unification can provide a stronger robustness guarantee. Given the aforementioned contributions, we believe our findings will help contribute to the development of robust neural LMs.
Book Synopsis On the Evaluation of Adversarial Vulnerabilities of Deep Neural Networks by : Mehrgan Khoshpasand Foumani
Download or read book On the Evaluation of Adversarial Vulnerabilities of Deep Neural Networks written by Mehrgan Khoshpasand Foumani and published by . This book was released on 2020 with total page 0 pages. Available in PDF, EPUB and Kindle. Book excerpt: Adversarial examples are inputs designed by an adversary to fool the machine learning models. Despite having overly simplifying assumptions and extensive studies in recent years, there is no defense against adversarial examples for complex tasks (e.g., ImageNet). However, for more straightforward tasks like hand-written digit classification, a robust model seems to be within reach. Having the right estimation of the adversarial robustness of the models has been one of the main challenges researchers face. First, we present AETorch, a Pytorch library containing the strongest attacks and the common threat models that make comparing the defenses easier. Most of the research about adversarial examples have focused on adding small l[subscript p] bounded perturbations to the natural inputs with the assumption that the actual label remains unchanged. However, being robust in l[subscript p] bounded settings does not guarantee general robustness. Additionally, we present an efficient technique to create unrestricted adversarial examples using generative adversarial networks on MNIST, SVHN, and fashion-mnist datasets. We demonstrate that even the state-of-the-art adversarially robust MNIST classifiers are vulnerable to the adversarial examples generated with this technique. We demonstrate that our method is better than the previous unrestricted techniques since it has access to a bigger adversarial subspace. Additionally, we show that examples generated with our method are transferable. Overall, our findings emphasize the need for further studying the vulnerability of neural networks to unrestricted adversarial examples.
Book Synopsis Adversarial Machine Learning by : Aneesh Sreevallabh Chivukula
Download or read book Adversarial Machine Learning written by Aneesh Sreevallabh Chivukula and published by Springer Nature. This book was released on 2023-03-06 with total page 316 pages. Available in PDF, EPUB and Kindle. Book excerpt: A critical challenge in deep learning is the vulnerability of deep learning networks to security attacks from intelligent cyber adversaries. Even innocuous perturbations to the training data can be used to manipulate the behaviour of deep networks in unintended ways. In this book, we review the latest developments in adversarial attack technologies in computer vision; natural language processing; and cybersecurity with regard to multidimensional, textual and image data, sequence data, and temporal data. In turn, we assess the robustness properties of deep learning networks to produce a taxonomy of adversarial examples that characterises the security of learning systems using game theoretical adversarial deep learning algorithms. The state-of-the-art in adversarial perturbation-based privacy protection mechanisms is also reviewed. We propose new adversary types for game theoretical objectives in non-stationary computational learning environments. Proper quantification of the hypothesis set in the decision problems of our research leads to various functional problems, oracular problems, sampling tasks, and optimization problems. We also address the defence mechanisms currently available for deep learning models deployed in real-world environments. The learning theories used in these defence mechanisms concern data representations, feature manipulations, misclassifications costs, sensitivity landscapes, distributional robustness, and complexity classes of the adversarial deep learning algorithms and their applications. In closing, we propose future research directions in adversarial deep learning applications for resilient learning system design and review formalized learning assumptions concerning the attack surfaces and robustness characteristics of artificial intelligence applications so as to deconstruct the contemporary adversarial deep learning designs. Given its scope, the book will be of interest to Adversarial Machine Learning practitioners and Adversarial Artificial Intelligence researchers whose work involves the design and application of Adversarial Deep Learning.
Book Synopsis Adversarial Robustness for Machine Learning by : Pin-Yu Chen
Download or read book Adversarial Robustness for Machine Learning written by Pin-Yu Chen and published by Elsevier. This book was released on 2022-08-25 with total page 298 pages. Available in PDF, EPUB and Kindle. Book excerpt: Adversarial Robustness for Machine Learning summarizes the recent progress on this topic and introduces popular algorithms on adversarial attack, defense and veri?cation. Sections cover adversarial attack, veri?cation and defense, mainly focusing on image classi?cation applications which are the standard benchmark considered in the adversarial robustness community. Other sections discuss adversarial examples beyond image classification, other threat models beyond testing time attack, and applications on adversarial robustness. For researchers, this book provides a thorough literature review that summarizes latest progress in the area, which can be a good reference for conducting future research. In addition, the book can also be used as a textbook for graduate courses on adversarial robustness or trustworthy machine learning. While machine learning (ML) algorithms have achieved remarkable performance in many applications, recent studies have demonstrated their lack of robustness against adversarial disturbance. The lack of robustness brings security concerns in ML models for real applications such as self-driving cars, robotics controls and healthcare systems. Summarizes the whole field of adversarial robustness for Machine learning models Provides a clearly explained, self-contained reference Introduces formulations, algorithms and intuitions Includes applications based on adversarial robustness
Book Synopsis Deep Learning: Algorithms and Applications by : Witold Pedrycz
Download or read book Deep Learning: Algorithms and Applications written by Witold Pedrycz and published by Springer. This book was released on 2019-11-04 with total page 360 pages. Available in PDF, EPUB and Kindle. Book excerpt: This book presents a wealth of deep-learning algorithms and demonstrates their design process. It also highlights the need for a prudent alignment with the essential characteristics of the nature of learning encountered in the practical problems being tackled. Intended for readers interested in acquiring practical knowledge of analysis, design, and deployment of deep learning solutions to real-world problems, it covers a wide range of the paradigm’s algorithms and their applications in diverse areas including imaging, seismic tomography, smart grids, surveillance and security, and health care, among others. Featuring systematic and comprehensive discussions on the development processes, their evaluation, and relevance, the book offers insights into fundamental design strategies for algorithms of deep learning.
Book Synopsis Adversarial Robustness of Deep Learning Models by : Samarth Gupta (S.M.)
Download or read book Adversarial Robustness of Deep Learning Models written by Samarth Gupta (S.M.) and published by . This book was released on 2020 with total page 80 pages. Available in PDF, EPUB and Kindle. Book excerpt: Efficient operation and control of modern day urban systems such as transportation networks is now more important than ever due to huge societal benefits. Low cost network-wide sensors generate large amounts of data which needs to processed to extract useful information necessary for operational maintenance and to perform real-time control. Modern Machine Learning (ML) systems, particularly Deep Neural Networks (DNNs), provide a scalable solution to the problem of information retrieval from sensor data. Therefore, Deep Learning systems are increasingly playing an important role in day-to-day operations of our urban systems and hence cannot not be treated as standalone systems anymore. This naturally raises questions from a security viewpoint. Are modern ML systems robust to adversarial attacks for deployment in critical real-world applications? If not, then how can we make progress in securing these systems against such attacks? In this thesis we first demonstrate the vulnerability of modern ML systems on a real world scenario relevant to transportation networks by successfully attacking a commercial ML platform using a traffic-camera image. We review different methods of defense and various challenges associated in training an adversarially robust classifier. In terms of contributions, we propose and investigate a new method of defense to build adversarially robust classifiers using Error-Correcting Codes (ECCs). The idea of using Error-Correcting Codes for multi-class classification has been investigated in the past but only under nominal settings. We build upon this idea in the context of adversarial robustness of Deep Neural Networks. Following the guidelines of code-book design from literature, we formulate a discrete optimization problem to generate codebooks in a systematic manner. This optimization problem maximizes minimum hamming distance between codewords of the codebook while maintaining high column separation. Using the optimal solution of the discrete optimization problem as our codebook, we then build a (robust) multi-class classifier from that codebook. To estimate the adversarial accuracy of ECC based classifiers resulting from different codebooks, we provide methods to generate gradient based white-box attacks. We discuss estimation of class probability estimates (or scores) which are in itself useful for real-world applications along with their use in generating black-box and white-box attacks. We also discuss differentiable decoding methods, which can also be used to generate white-box attacks. We are able to outperform standard all-pairs codebook, providing evidence to the fact that compact codebooks generated using our discrete optimization approach can indeed provide high performance. Most importantly, we show that ECC based classifiers can be partially robust even without any adversarial training. We also show that this robustness is simply not a manifestation of the large network capacity of the overall classifier. Our approach can be seen as the first step towards designing classifiers which are robust by design. These contributions suggest that ECCs based approach can be useful to improve the robustness of modern ML systems and thus making urban systems more resilient to adversarial attacks.
Author :National Academies of Sciences, Engineering, and Medicine Publisher :National Academies Press ISBN 13 :0309496098 Total Pages :83 pages Book Rating :4.3/5 (94 download)
Book Synopsis Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies by : National Academies of Sciences, Engineering, and Medicine
Download or read book Robust Machine Learning Algorithms and Systems for Detection and Mitigation of Adversarial Attacks and Anomalies written by National Academies of Sciences, Engineering, and Medicine and published by National Academies Press. This book was released on 2019-08-22 with total page 83 pages. Available in PDF, EPUB and Kindle. Book excerpt: The Intelligence Community Studies Board (ICSB) of the National Academies of Sciences, Engineering, and Medicine convened a workshop on December 11â€"12, 2018, in Berkeley, California, to discuss robust machine learning algorithms and systems for the detection and mitigation of adversarial attacks and anomalies. This publication summarizes the presentations and discussions from the workshop.
Book Synopsis Adversarial Machine Learning by : Yevgeniy Tu
Download or read book Adversarial Machine Learning written by Yevgeniy Tu and published by Springer Nature. This book was released on 2022-05-31 with total page 152 pages. Available in PDF, EPUB and Kindle. Book excerpt: The increasing abundance of large high-quality datasets, combined with significant technical advances over the last several decades have made machine learning into a major tool employed across a broad array of tasks including vision, language, finance, and security. However, success has been accompanied with important new challenges: many applications of machine learning are adversarial in nature. Some are adversarial because they are safety critical, such as autonomous driving. An adversary in these applications can be a malicious party aimed at causing congestion or accidents, or may even model unusual situations that expose vulnerabilities in the prediction engine. Other applications are adversarial because their task and/or the data they use are. For example, an important class of problems in security involves detection, such as malware, spam, and intrusion detection. The use of machine learning for detecting malicious entities creates an incentive among adversaries to evade detection by changing their behavior or the content of malicius objects they develop. The field of adversarial machine learning has emerged to study vulnerabilities of machine learning approaches in adversarial settings and to develop techniques to make learning robust to adversarial manipulation. This book provides a technical overview of this field. After reviewing machine learning concepts and approaches, as well as common use cases of these in adversarial settings, we present a general categorization of attacks on machine learning. We then address two major categories of attacks and associated defenses: decision-time attacks, in which an adversary changes the nature of instances seen by a learned model at the time of prediction in order to cause errors, and poisoning or training time attacks, in which the actual training dataset is maliciously modified. In our final chapter devoted to technical content, we discuss recent techniques for attacks on deep learning, as well as approaches for improving robustness of deep neural networks. We conclude with a discussion of several important issues in the area of adversarial learning that in our view warrant further research. Given the increasing interest in the area of adversarial machine learning, we hope this book provides readers with the tools necessary to successfully engage in research and practice of machine learning in adversarial settings.
Book Synopsis Enhancing Adversarial Robustness of Deep Neural Networks by : Jeffrey Zhang (M. Eng.)
Download or read book Enhancing Adversarial Robustness of Deep Neural Networks written by Jeffrey Zhang (M. Eng.) and published by . This book was released on 2019 with total page 58 pages. Available in PDF, EPUB and Kindle. Book excerpt: Logit-based regularization and pretrain-then-tune are two approaches that have recently been shown to enhance adversarial robustness of machine learning models. In the realm of regularization, Zhang et al. (2019) proposed TRADES, a logit-based regularization optimization function that has been shown to improve upon the robust optimization framework developed by Madry et al. (2018) [14, 9]. They were able to achieve state-of-the-art adversarial accuracy on CIFAR10. In the realm of pretrain- then-tune models, Hendrycks el al. (2019) demonstrated that adversarially pretraining a model on ImageNet then adversarially tuning on CIFAR10 greatly improves the adversarial robustness of machine learning models. In this work, we propose Adversarial Regularization, another logit-based regularization optimization framework that surpasses TRADES in adversarial generalization. Furthermore, we explore the impact of trying different types of adversarial training on the pretrain-then-tune paradigm.
Book Synopsis Improved Methodology for Evaluating Adversarial Robustness in Deep Neural Networks by : Kyungmi Lee (S. M.)
Download or read book Improved Methodology for Evaluating Adversarial Robustness in Deep Neural Networks written by Kyungmi Lee (S. M.) and published by . This book was released on 2020 with total page 93 pages. Available in PDF, EPUB and Kindle. Book excerpt: Deep neural networks are known to be vulnerable to adversarial perturbations, which are often imperceptible to humans but can alter predictions of machine learning systems. Since the exact value of adversarial robustness is difficult to obtain for complex deep neural networks, accuracy of the models against perturbed examples generated by attack methods is empirically used as a proxy to adversarial robustness. However, failure of attack methods to find adversarial perturbations cannot be equated with being robust. In this work, we identify three common cases that lead to overestimation of accuracy against perturbed examples generated by bounded first-order attack methods: 1) the value of cross-entropy loss numerically becoming zero when using standard floating point representation, resulting in non-useful gradients; 2) innately non-differentiable functions in deep neural networks, such as Rectified Linear Unit (ReLU) activation and MaxPool operation, incurring “gradient masking” [2]; and 3) certain regularization methods used during training inducing the model to be less amenable to first-order approximation. We show that these phenomena exist in a wide range of deep neural networks, and that these phenomena are not limited to specific defense methods they have been previously investigated for. For each case, we propose compensation methods that either address sources of inaccurate gradient computation, such as numerical saturation for near zero values and non-differentiability, or reduce the total number of back-propagations for iterative attacks by approximating second-order information. These compensation methods can be combined with existing attack methods for a more precise empirical evaluation metric. We illustrate the impact of these three phenomena with examples of practical interest, such as benchmarking model capacity and regularization techniques for robustness. Furthermore, we show that the gap between adversarial accuracy and the guaranteed lower bound of robustness can be partially explained by these phenomena. Overall, our work shows that overestimated adversarial accuracy that is not indicative of robustness is prevalent even for conventionally trained deep neural networks, and highlights cautions of using empirical evaluation without guaranteed bounds.
Book Synopsis Defending Neural Networks Against Adversarial Examples by : Armon Barton
Download or read book Defending Neural Networks Against Adversarial Examples written by Armon Barton and published by . This book was released on 2019 with total page 41 pages. Available in PDF, EPUB and Kindle. Book excerpt: Deep learning is becoming a technology central to the safety of cars, the security of networks, and the correct functioning of many other types of systems. Unfortunately, attackers can create adversarial examples, small perturbations to inputs that trick deep neural networks into making a misclassification. Researchers have explored various defenses against this attack, but many of them have been broken. The most robust approaches are Adversarial Training and its extension, Adversarial Logit Pairing, but Adversarial Training requires generating and training on adversarial examples from any possible attack. This is not only expensive, but it is inherently vulnerable to novel attack strategies. We propose PadNet, a stacked defense against adversarial examples that does not require knowledge of the attack techniques used by the attacker. PadNet combines two novel techniques: Defensive Padding and Targeted Gradient Minimizing (TGM). Prior research suggests that adversarial examples exist near the decision boundary of the classifier. Defensive Padding is designed to reinforce the decision boundary of the model by introducing a new class of augmented data within the training set that exists near the decision boundary, called the padding class. Targeted Gradient Minimizing is designed to produce low gradients from the input data point toward the decision boundary, thus making adversarial examples more difficult to find. In this study, we show that: 1) PadNet significantly increases robustness against adversarial examples compared to adversarial logit pairing, and 2) PadNet is adapt-able to various attacks without knowing the attacker's techniques, and therefore allows the training cost to be fixed unlike adversarial logit pairing.
