Toward deep neural networks robust to adversarial examples, using augmented data importance perception

Abstract

Deep neural networks (DNNs) have been shown to be susceptible to slightly perturbed adversarial examples. Even adversarial examples that are imperceptible to the human eye can easily lead to misclassification of DNNs. The most effective defense against adversarial examples is adversarial training (AT). Through AT, the robustness of the model against adversarial examples can be greatly improved. However, AT causes a decrease in the accuracy of the model’s classification of natural examples and serious overfitting problems. To improve the generalization ability of the model, we propose a method for enhancing model robustness through augmented data importance perception (ADIP). By extracting offensive adversarial examples for data augmentation and considering the attack strength of new adversarial examples to design an importance measure term to improve the loss function, the results of experiments show that the model robustness enhancement method based on ADIP improves the robustness of the model and alleviates the overfitting problem of the model caused by AT. In addition, our algorithm trains a robust model with a small computational cost.