Compressive Recovery Defense: Defending Neural Networks Against ℓ2, ℓ∞, and ℓ0 Norm Attacks
Publication Date
7-1-2020
Document Type
Conference Proceeding
Publication Title
2020 International Joint Conference on Neural Networks (IJCNN)
DOI
10.1109/IJCNN48605.2020.9207670
Abstract
We consider the problem of defending neural networks against adversarial inputs. In particular, we extend the framework introduced in [1] to defend neural networks against ℓ2, ℓ∞, and ℓ0 norm attacks. We call this defense framework Compressive Recovery Defense (CRD) as it utilizes recovery algorithms from the theory of compressive sensing. For defending against ℓ2-norm and ℓ0-norm attacks, we use Basis Pursuit (BP) as the recovery algorithm, and for the case of ℓ∞-norm attacks, we utilize the Dantzig Selector (DS) with a novel constraint. For each recovery algorithm used, we provide rigorous recovery guarantees that do not depend on the noise-generating mechanism and can therefore be utilized by CRD against any ℓ2, ℓ∞, or ℓ0 norm attacks. Finally, we experimentally demonstrate that CRD is effective in defending neural networks against state-of-the-art ℓ2, ℓ∞, and ℓ0-norm attacks.
Department
Mathematics and Statistics
Recommended Citation
Jasjeet Dhaliwal and Kyle Hambrook. "Compressive Recovery Defense: Defending Neural Networks Against ℓ2, ℓ∞, and ℓ0 Norm Attacks" 2020 International Joint Conference on Neural Networks (IJCNN) (2020). https://doi.org/10.1109/IJCNN48605.2020.9207670