Abstract

Adversarial attacks against deep neural networks (DNNs) are continuously evolving, requiring increasingly powerful defense strategies. We develop a novel adversarial defense framework inspired by the adaptive immune system: the Robust Adversarial Immune-inspired Learning System (RAILS). Initializing a population of exemplars that is balanced across classes, RAILS starts from a uniform label distribution that encourages diversity and uses an evolutionary optimization process to adaptively adjust the predictive label distribution in a manner that emulates the way the natural immune system recognizes novel pathogens. RAILS’ evolutionary optimization process explicitly captures the tradeoff between robustness (diversity) and accuracy (specificity) of the network, and represents a new immune-inspired perspective on adversarial learning. The benefits of RAILS are empirically demonstrated under eight types of adversarial attacks on a DNN adversarial image classifier for several benchmark datasets, including: MNIST; SVHN; CIFAR-10; and CIFAR-100. We find that PGD is the most damaging attack strategy and that for this attack RAILS is significantly more robust than other methods, achieving improvements in adversarial robustness by ≥ 5.62%, 12.5%, 10.32%, and 8.39%, on these respective datasets, without appreciable loss of classification accuracy. Code for the results in this paper is available at https://github.com/wangren09/RAILS.

Highlights

  • The state of the art in supervised deep learning has dramatically improved over the past decade [1]

  • We propose a new framework, Robust Adversarial Immune-inspired Learning System (RAILS), that can effectively defend deep learning architectures against aggressive attacks based on a refined biology model of the adaptive immune system

  • We compare RAILS with Convolutional Neural Network (CNN) Classification and Deep k-Nearest Neighbors (DkNN) Classification [17] on the MNIST [46], SVHN [47], CIFAR-10 and CIFAR-100 [48] datasets


Summary

Introduction

The state of the art in supervised deep learning has dramatically improved over the past decade [1]. Deep learning techniques have led to significant advances in applications such as: face recognition [2]; object detection [3]; and natural language processing [4]. Despite these successes, deep learning techniques are not resilient to evasion attacks (a.k.a. adversarial attacks) on test inputs and poisoning attacks on training data [5]–[7]. The adversarial vulnerability of deep neural networks (DNNs) has restricted their application, motivating researchers to develop effective defense methods. The focus of this paper is to develop a novel deep defense framework inspired by the mammalian immune system. Current adversarial defense strategies can be divided into four classes: (1) detection of adversarial samples [8]–[10]; (2) robust training [11]–[14]; (3) data denoising and reconstruction [15], [16]; and (4) deep adversarial learning
