Top

Published in:

2019 | OriginalPaper | Chapter

Mitigating Overfitting Using Regularization to Defend Networks Against Adversarial Examples

Authors : Yoshimasa Kubo, Thomas Trappenberg

Published in: Advances in Artificial Intelligence

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Recent work has shown that neural networks are vulnerable to adversarial examples. There is an discussion if this problem is related to overfitting. While many researcher stress that overfitting is not related to adversarial sensitivity, Galloway et al. [4] showed that mitigating overfitting improves the accuracy on adversarial examples. In this study we add to this view that overfitting is a factor in adversarial sensitivity. To make this argument, we include two directions in our study, the first is to evaluate several standard regularization techniques with adversarial attacks and to the second is to evaluate binarized stochastic neural networks on adversarial examples. We report that strong regularizations including binarized stochastic neural networks do not only improve overfitting but also help the networks in fighting against adversarial attacks. Supplemental materials are available at https://github.com/ykubo82/ovf.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Weaving Information Propagation: Modeling the Way Information Spreads in Document Collections

next chapter Self-training for Cell Segmentation and Counting

Bengio, Y., Léonard, N., Courville, A.C.: Estimating or propagating gradients through stochastic neurons for conditional computation. arXiv preprint arXiv:1308.3432 (2013)

Chung, J., Ahn, S., Bengio, Y.: Hierarchical multiscale recurrent neural networks. arXiv preprint arXiv:1609.01704 (2016)

Galloway, A., Taylor, G.W., Moussa, M.: Attacking binarized neural networks. In: International Conference on Learning Representation (2018)

Galloway, A., Taylor, G.W., Moussa, M.: Predicting adversarial examples with high confidence. arXiv preprint arXiv:1802.04457 (2018)

Glorot, X., Bengio, Y.: Understanding the difficulty of training deep feedforward neural networks. In: Proceedings of the International Conference on Artificial Intelligence and Statistics (AISTATS 2010). Society for Artificial Intelligence and Statistics (2010)

Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)

Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. arXiv preprint arXiv:1412.6980 (2014)

Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial examples in the physical world. arXiv preprint arXiv:1607.02533 (2016)

LeCun, Y., Cortes, C.: MNIST handwritten digit database (1998). http://yann.lecun.com/exdb/mnist/

10.

Papernot, N., McDaniel, P.D., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: IEEE Symposium on Security and Privacy, pp. 582–597. IEEE Computer Society (2016)

11.

Srivastava, N., Hinton, G.E., Krizhevsky, A., Sutskever, I., Salakhutdinov, R.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. 15(1), 1929–1958 (2014). http://www.cs.toronto.edu/~rsalakhu/papers/srivastava14a.pdfMathSciNetMATH

12.

Szegedy, C., et al.: Intriguing properties of neural networks. In: International Conference on Learning Representation (2014)

13.

Wang, S., et al.: Defensive dropout for hardening deep neural networks under adversarial attacks. arXiv preprint arXiv:1809.05165 (2018)

Title: Mitigating Overfitting Using Regularization to Defend Networks Against Adversarial Examples
Authors: Yoshimasa Kubo
Thomas Trappenberg
Publisher: Springer International Publishing
Book: Advances in Artificial Intelligence
Print ISBN: 978-3-030-18304-2

Electronic ISBN: 978-3-030-18305-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-18305-9_36

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner