Improving the Robustness of Neural Networks Using K-Support Norm Based Adversarial Training

Sheikh Waqas Akhtar, Saad Rehman, Mahmood Akhtar, Muazzam A. Khan, Farhan Riaz, Qaiser Chaudry, Rupert Young
2016 IEEE Access  
It is of significant importance for any classification and recognition system that claims near-human or better-than-human performance to be immune to small perturbations in the dataset. Researchers have found that neural networks are not very robust to small perturbations and can easily be fooled into persistently misclassifying by adding a particular class of noise to the test data. This so-called adversarial noise severely deteriorates the performance of neural networks, which otherwise perform really well on unperturbed datasets. It has recently been proposed that neural networks can be made robust against adversarial noise by training them on data corrupted with adversarial noise itself. Following this approach, in this paper, we propose a new mechanism to generate a powerful adversarial noise model based on the K-support norm to train neural networks. We tested our approach on two benchmark datasets, namely MNIST and STL-10, using multi-layer perceptrons and convolutional neural networks. Experimental results demonstrate that neural networks trained with the proposed technique show significant improvement in robustness as compared to state-of-the-art techniques.

INDEX TERMS K-Support norm, robustness, generalization, convolutional neural networks, adversarial.

(2012 to date). Dr. Akhtar has authored or co-authored around 35 publications and has served as a Reviewer for several IEEE, IET, and other journals and numerous conferences. His research interests include biomedical imaging and signal processing, computer graphics and vision, and bioinformatics and computational biology.

MUAZZAM A. KHAN is currently an Assistant Professor with the College of Electrical and Mechanical Engineering, National University of Sciences and Technology, Islamabad. His research interests include wireless sensor networks, routing, security, localization, and quality of service.

FARHAN RIAZ is currently an Assistant Professor with the College of Electrical and Mechanical Engineering, National University of Sciences and Technology, Islamabad. His research interests include biomedical signal, image processing, and machine learning.

VOLUME 4, 2016
doi:10.1109/access.2016.2643678 fatcat:45rkm6v4w5h35csj5owxp76yv4