Improving the robustness of neural networks using

It is important for any classification and recognition system that claims near-human or better-than-human performance to be immune to small perturbations in the dataset. Researchers have found that neural networks are not very robust to small perturbations and can easily be fooled into persistently misclassifying by adding a particular class of noise to the test data. This so-called adversarial noise severely deteriorates the performance of neural networks that otherwise perform really well on unperturbed datasets. It has recently been proposed [3] that neural networks can be made robust against adversarial noise by training them on data corrupted with adversarial noise itself. Following this approach, in this paper we propose a new mechanism to generate a powerful adversarial noise model based on the k-support norm to train neural networks. We tested our approach on two benchmark datasets, namely MNIST and STL-10, using multi-layer perceptrons (MLP) and convolutional neural networks (CNN). Experimental results demonstrate that neural networks trained with the proposed technique show significant improvement in robustness compared to state-of-the-art techniques.
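As an added illustration (not code from the paper): the abstract does not give the noise construction, so this sketch assumes the standard linearised worst case, the perturbation that maximises the inner product with the input gradient inside a k-support-norm ball of radius `eps`, applied to a constructed logistic model. All function names, `eps` and the sample values are hypothetical; k = 1 gives an l1-ball perturbation and k = d an l2-ball one.

```python
import math

def ksupport_dual_norm(g, k):
    """Dual of the k-support norm: l2 norm of the k largest-magnitude entries."""
    top = sorted((abs(v) for v in g), reverse=True)[:k]
    return math.sqrt(sum(v * v for v in top))

def ksupport_perturbation(g, k, eps):
    """argmax of <g, r> over {r : ||r||_ksp <= eps}.

    The k-support unit ball is the convex hull of k-sparse vectors with
    l2 norm <= 1, so the maximiser keeps the k largest-magnitude gradient
    entries and rescales them to l2 length eps.
    """
    idx = sorted(range(len(g)), key=lambda i: abs(g[i]), reverse=True)[:k]
    norm = math.sqrt(sum(g[i] ** 2 for i in idx))
    r = [0.0] * len(g)
    if norm == 0.0:  # flat loss: no ascent direction exists
        return r
    for i in idx:
        r[i] = eps * g[i] / norm
    return r

def _prob(w, b, x):
    """Logistic model output P(y = 1 | x)."""
    return 1.0 / (1.0 + math.exp(-(sum(wi * xi for wi, xi in zip(w, x)) + b)))

def logistic_loss(w, b, x, y):
    """Cross-entropy for a label y in {0, 1}."""
    p = _prob(w, b, x)
    return -math.log(p if y == 1 else 1.0 - p)

def input_gradient(w, b, x, y):
    """d(loss)/dx for the logistic model: (p - y) * w."""
    p = _prob(w, b, x)
    return [(p - y) * wi for wi in w]

def adversarial_example(w, b, x, y, k, eps):
    """Sample to train on in place of x: x plus its worst-case perturbation."""
    r = ksupport_perturbation(input_gradient(w, b, x, y), k, eps)
    return [xi + ri for xi, ri in zip(x, r)]

# Constructed toy model and sample (not data from the paper).
W, B = [2.0, -1.0, 0.5, 0.0], 0.1
X, Y = [0.5, -0.2, 0.3, 0.9], 1
if __name__ == "__main__":
    for k in (1, 2, 4):
        x_adv = adversarial_example(W, B, X, Y, k, eps=0.5)
        print(k, round(logistic_loss(W, B, x_adv, Y), 4))
```

In adversarial training, each minibatch sample would be replaced or augmented by its `adversarial_example` output before the weight update.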

[1] Yoshua Bengio, et al. Gradient-based learning applied to document recognition, 1998, Proc. IEEE.

[2] Stephen J. Wright, et al. Simultaneous Variable Selection, 2005, Technometrics.

[3] R. Tibshirani, et al. Sparsity and smoothness via the fused lasso, 2005.

[4] H. Zou, et al. Regularization and variable selection via the elastic net, 2005.

[5] Yann LeCun, et al. The mnist database of handwritten digits, 2005.

[6] Yee Whye Teh, et al. A Fast Learning Algorithm for Deep Belief Nets, 2006, Neural Computation.

[7] Shie Mannor, et al. Robustness and Regularization of Support Vector Machines, 2008, J. Mach. Learn. Res.

[8] Shie Mannor, et al. Robust Regression and Lasso, 2008, IEEE Transactions on Information Theory.

[9] Shie Mannor, et al. Robustness and generalization, 2010, Machine Learning.

[10] Francis R. Bach, et al. Trace Lasso: a trace norm regularization for correlated designs, 2011, NIPS.

[11] Blaine Nelson, et al. Support Vector Machines Under Adversarial Label Noise, 2011, ACML.

[12] Nathan Srebro, et al. Sparse Prediction with the $k$-Support Norm, 2012, NIPS.

[13] Shie Mannor, et al. Robust Logistic Regression and Classification, 2014, NIPS.

[14] Matthew B. Blaschko, et al. Predicting cross-task behavioral variables from fMRI data using the k-support norm, 2014.

[15] Nitish Srivastava, et al. Dropout: a simple way to prevent neural networks from overfitting, 2014, J. Mach. Learn. Res.

[16] Joan Bruna, et al. Intriguing properties of neural networks, 2013, ICLR.

[17] Luca Rigazio, et al. Towards Deep Neural Network Architectures Robust to Adversarial Examples, 2014, ICLR.

[18] Arild Nøkland. Improving Back-Propagation by Adding an Adversarial Gradient, 2015, ArXiv.

[19] Matthew B. Blaschko, et al. Predictive sparse modeling of fMRI data for improved classification, regression, and visualization using the k-support norm, 2015, Comput. Medical Imaging Graph.

[20] Jonathon Shlens, et al. Explaining and Harnessing Adversarial Examples, 2014, ICLR.

[21] Uri Shaham, et al. Understanding Adversarial Training: Increasing Local Stability of Neural Nets through Robust Optimization, 2015, ArXiv.

[22] Shin Ishii, et al. Distributional Smoothing with Virtual Adversarial Training, 2015, ICLR 2016.

[23] Andrew Zisserman, et al. Very Deep Convolutional Networks for Large-Scale Image Recognition, 2014, ICLR.

[24] Matthew B. Blaschko, et al. Discovering predictors of mental health service utilization with k-support regularized logistic regression, 2016, Inf. Sci.

[25] David J. Fleet, et al. Adversarial Manipulation of Deep Representations, 2015, ICLR.

[26] Eduardo Valle, et al. Exploring the space of adversarial images, 2015, 2016 International Joint Conference on Neural Networks (IJCNN).

[27] Pascal Frossard, et al. Analysis of classifiers’ robustness to adversarial perturbations, 2015, Machine Learning.