Heterogeneous Architecture Search Approach within Adversarial Dynamic Defense Framework

Recent advances in adversarial attacks uncover the intrinsic vulnerability of modern deep neural networks (DNNs). To address this issue, various methods have been proposed to design network architectures that are robust to one particular type of adversarial attack. Recent research leverages the concept of a dynamic defense framework (DDF), based on a stochastic ensemble model, to boost the robustness of a DNN ensemble against such adversarial attacks. The diversity and gradient variation of the ensemble need to be enhanced, but this is held back by the lack of efficient networks. In this paper, we propose a heterogeneous architecture search method based on neural architecture search (NAS). Our method encourages heterogeneous networks, which further improve the diversity of the ensemble and thus boost the adversarial robustness of the DDF. Experimental results suggest that the diversity among the family of heterogeneous networks does restrain the transferability of adversarial samples, and that the method achieves superior performance when robustness is evaluated on the ASR-vs-distortion benchmark in different attack environments.
