Abstract

Recent advances in artificial intelligence have raised the stakes of security issues. Deep neural networks (DNNs) are now used in many safety-critical applications such as drone piloting and self-driving cars, so a DNN malfunction caused by an attack may lead to irreparable damage. An attack may occur either in the training phase (poisoning attacks) or in the testing phase (evasion attacks), the latter by presenting adversarial examples: inputs crafted maliciously to deceive the DNN. This paper deals with evasion attacks and aims to immunize DNNs by generating adversarial examples and training on them. We propose Noise-GAN, a Generative Adversarial Network (GAN) with a multi-class discriminator that produces a noise which, added to the original image, yields an adversarial example. Various types of evasion attacks are considered, and the performance of the proposed method is evaluated on different victim models under various defensive strategies. Experiments are based on the MNIST and CIFAR-10 datasets; the average success rates of the different attacks are reported and compared with state-of-the-art methods. After training the DNNs on adversarial examples generated by Noise-GAN, the non-targeted attack success rate dropped from 87.7% to 10.41% on MNIST and from 91.2% to 57.66% on CIFAR-10.
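The abstract's pipeline (additive noise bounded to a perturbation budget, non-targeted and targeted success-rate measurement, and building an adversarial-training set from the generated examples) is made concrete below as an added example; it is not code from the paper. The Noise-GAN generator itself is not reproduced: a one-step gradient-sign noise generator stands in for it, the three-pixel "images", the hand-picked linear softmax victim model (class k reads pixel k), the labels and the L-infinity budget `EPS` are all constructed for illustration.

```python
"""Toy harness for evaluating additive-noise evasion attacks (added example).

Constructed setup: a fixed 3-class softmax-linear victim over 3 "pixels",
a one-step gradient-sign noise generator standing in for a learned (GAN)
generator, and the success-rate metrics used to report attack results.
"""
import numpy as np

# Hypothetical victim model: class k reads pixel k (weights chosen by hand).
W = 4.0 * np.eye(3)          # shape (n_classes, n_pixels)
B = np.zeros(3)


def logits(x):
    """Victim's pre-softmax scores for a batch x of shape (n, 3)."""
    return x @ W.T + B


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)   # numerical stability
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


def predict(x):
    return logits(x).argmax(axis=1)


def ce_input_gradient(x, labels):
    """d(cross-entropy)/dx for a linear softmax model: (p - onehot) @ W."""
    p = softmax(logits(x))
    onehot = np.eye(W.shape[0])[labels]
    return (p - onehot) @ W


def project(x_adv, x, eps):
    """Keep the noise inside the L-inf budget and the image inside [0, 1]."""
    noise = np.clip(x_adv - x, -eps, eps)
    return np.clip(x + noise, 0.0, 1.0)


def generate_noise(x, labels, eps, target=None):
    """One-step gradient-sign noise (stand-in for the learned generator).

    Non-targeted: step up the loss of the true label.
    Targeted: step down the loss of the target label.
    Returns the noise, so x + noise is the adversarial example.
    """
    if target is None:
        step = eps * np.sign(ce_input_gradient(x, labels))
    else:
        tgt = np.full(len(x), target)
        step = -eps * np.sign(ce_input_gradient(x, tgt))
    return project(x + step, x, eps) - x


def success_rate(x, labels, noise, target=None):
    """Non-targeted: fraction of predictions flipped away from the label.
    Targeted: fraction of samples (not already in the target class) that
    are pushed into the target class."""
    pred = predict(x + noise)
    if target is None:
        return float(np.mean(pred != labels))
    keep = labels != target
    return float(np.mean(pred[keep] == target))


def augment_with_adversarial(x, labels, eps):
    """Adversarial-training set: clean samples plus their adversarial copies."""
    x_adv = x + generate_noise(x, labels, eps)
    return np.vstack([x, x_adv]), np.concatenate([labels, labels])


# Constructed mini-batch of 3-pixel "images" with true labels.
X = np.array([[0.9, 0.2, 0.1],
              [0.1, 0.1, 0.95],
              [0.2, 0.9, 0.1],
              [0.3, 0.9, 0.7]])
Y = np.array([0, 2, 1, 1])
EPS = 0.4   # assumed L-inf perturbation budget (pixel range is [0, 1])


def run_demo():
    """Evaluate the toy attack: accuracy, success rates and constraint checks."""
    noise = generate_noise(X, Y, EPS)
    x_adv = X + noise
    return {
        "clean_acc": float(np.mean(predict(X) == Y)),
        "non_targeted": success_rate(X, Y, noise),
        "targeted_0": success_rate(X, Y, generate_noise(X, Y, EPS, target=0), target=0),
        "budget_ok": bool(np.all(np.abs(noise) <= EPS + 1e-12)),
        "range_ok": bool(np.all((x_adv >= -1e-12) & (x_adv <= 1 + 1e-12))),
    }


if __name__ == "__main__":
    print(run_demo())
```

The only sample the non-targeted attack fails on is the one whose correct pixel sits far above the others (0.95 against 0.1): the budget of 0.4 cannot close that gap in one step, which is the same reason a budget-bounded attack is harder on some inputs than others. The `project` step matters in practice: without the clip to [0, 1], "adversarial" images could leave the valid pixel range and the reported success rate would be meaningless for a real image pipeline.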
