Decision tree pairwise metric learning against adversarial attacks

Abstract

Distance Metric Learning has been used or paired with SoftMax Cross-Entropy loss to increase the discriminative power of deep learning classifiers against adversarial attacks. Most distance metric learning-based methods for adversarial detection adopt the standard Mahalanobis distance which only encodes the relative position information and therefore cannot capture the entire shape of complex data. In this research, we propose an alternative metric learning approach for adversarial sample classification. This approach integrates relative information as well as absolute pairwise information into a differentiable decision tree representation to guarantee a more robust classifier. We term this metric learning approach as differentiable decision tree pairwise metric learning (DTML). We demonstrate that DTML is more robust even under strong adversarial untargeted attacks compared with the single Mahalanobis distance-based defending methods on MNIST, CIFAR-10, and KDDCUP99 datasets.