Compressive Recovery Defense: Defending Neural Networks Against ℓ₂, ℓ_∞, and ℓ₀ Norm Attacks

Authors

Jasjeet Dhaliwal, San Jose State University
Kyle Hambrook, San Jose State UniversityFollow

Publication Date

7-1-2020

Document Type

Conference Proceeding

Publication Title

2020 International Joint Conference on Neural Networks (IJCNN)

DOI

10.1109/IJCNN48605.2020.9207670

Abstract

We consider the problem of defending neural networks against adversarial inputs. In particular, we extend the framework introduced in [1] to defend neural networks against l2, l∞, and l0 norm attacks. We call this defense framework Compressive Recovery Defense (CRD) as it utilizes recovery algorithms from the theory of compressive sensing. For defending against l2-norm and l0-norm attacks, we use Basis Pursuit (BP) as the recovery algorithm and for the case of l∞-norm attacks, we utilize the Dantzig Selector (DS) with a novel constraint. For each recovery algorithm used, we provide rigorous recovery guarantees that do not depend on the noise generating mechanism and can therefore be utilized by CRD against any l2, l∞, or l0 norm attacks. Finally, we experimentally demonstrate that CRD is effective in defending neural networks against state of the art l2, l∞ and l0-norm attacks.

Department

Mathematics and Statistics

Recommended Citation

Jasjeet Dhaliwal and Kyle Hambrook. "Compressive Recovery Defense: Defending Neural Networks Against ℓ₂, ℓ_∞, and ℓ₀ Norm Attacks" 2020 International Joint Conference on Neural Networks (IJCNN) (2020). https://doi.org/10.1109/IJCNN48605.2020.9207670