Efficient error-correcting output codes for adversarial learning robustness

Li Wan, Tansu Alpcan, Emanuele Viterbo, Margreta Kuijper

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

1 Citation (Scopus)

Abstract

Despite their many successful applications, Deep Neural Networks (DNNs) are vulnerable to intentionally designed adversarial examples. Adversarial robustness describes the ability of a machine learning model, e.g., a neural network, to defend against such adversarial attacks. In coding theory, codebooks are designed to minimize the impact of errors occurring with transmission through a noisy channel. Motivated by the similarities between passing a codeword through a noisy channel and defending against adversarial attacks, Error-Correcting Output Codes (ECOCs) are used to achieve state-of-the-art adversarial robustness. Research on codebook designs and the association of codewords to classification labels (assignment) is still at the very early stages, with great room for improvement. In this work, we present novel codebook design and assignment procedures in two stages due to the complexity (NP-hardness) of the underlying problem. A rule-based heuristic codebook design method is proposed in the first stage and an optimization problem to assign the codewords to labels is proposed in the second stage. Since this optimization is NP-hard, a greedy algorithm is proposed to provide a sub-optimal solution. We demonstrate the effectiveness of our framework on three benchmark datasets, under different types of adversarial attacks. The experimental results show that our error-correcting output code framework can effectively improve the adversarial robustness of machine learning models, with up to a 10% increase in accuracy.

Original language: English
Title of host publication: ICC 2022 - IEEE International Conference on Communications
Editors: Ekram Hossain
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 2345-2350
Number of pages: 6
ISBN (Electronic): 9781538683477
ISBN (Print): 9781538683484
Publication status: Published - 2022
Event: IEEE International Conference on Communications 2022 - Seoul, Korea, South
Duration: 16 May 2022 to 20 May 2022
https://ieeexplore.ieee.org/xpl/conhome/9837954/proceeding (Proceedings)
https://icc2022.ieee-icc.org/ (Website)

Publication series

Name: IEEE International Conference on Communications
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Volume: 2022-May
ISSN (Print): 1550-3607
ISSN (Electronic): 1938-1883

Conference

Conference: IEEE International Conference on Communications 2022
Abbreviated title: ICC 2022
Country/Territory: Korea, South
City: Seoul
Period: 16/05/22 to 20/05/22

Keywords

  • adversarial robustness
  • coding theory
  • Error-correcting output code
  • machine learning
