Adversarial defense by restricting the hidden space of deep neural networks

Aamir Mustafa, Salman Khan, Munawar Hayat, Roland Goecke, Jianbing Shen, Ling Shao

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

6 Citations (Scopus)

Abstract

Deep neural networks are vulnerable to adversarial attacks, which can fool them by adding minuscule perturbations to the input images. The robustness of existing defenses suffers greatly under white-box attack settings, where an adversary has full knowledge of the network and can iterate several times to find strong perturbations. We observe that the main reason for the existence of such perturbations is the close proximity of different class samples in the learned feature space. This allows model decisions to be completely changed by adding an imperceptible perturbation to the inputs. To counter this, we propose to disentangle the intermediate feature representations of deep networks class-wise. Specifically, we force the features for each class to lie inside a convex polytope that is maximally separated from the polytopes of other classes. In this manner, the network is forced to learn distinct and distant decision regions for each class. We observe that this simple constraint on the features greatly enhances the robustness of learned models, even against the strongest white-box attacks, without degrading the classification performance on clean images. We report extensive evaluations in both black-box and white-box attack scenarios and show significant gains in comparison to state-of-the-art defenses.

Original language: English
Title of host publication: Proceedings - IEEE International Conference on Computer Vision, ICCV 2019
Editors: In So Kweon, Nikos Paragios, Ming-Hsuan Yang, Svetlana Lazebnik
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 3384-3393
Number of pages: 10
ISBN (Electronic): 9781728148038
ISBN (Print): 9781728148045
DOIs
Publication status: Published - 2019
Externally published: Yes
Event: IEEE International Conference on Computer Vision 2019 - Seoul, Korea, Republic of (South)
Duration: 27 Oct 2019 to 2 Nov 2019
Conference number: 17th
http://iccv2019.thecvf.com/

Publication series

Name: Proceedings of the IEEE International Conference on Computer Vision
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Volume: 2019-October
ISSN (Print): 1550-5499
ISSN (Electronic): 2380-7504

Conference

Conference: IEEE International Conference on Computer Vision 2019
Abbreviated title: ICCV 2019
Country: Korea, Republic of (South)
City: Seoul
Period: 27/10/19 to 2/11/19
Internet address: http://iccv2019.thecvf.com/