ASK: Adversarial Soft k-Nearest Neighbor Attack and Defense

K-Nearest Neighbor (kNN)-based deep learning methods have been applied to many applications due their simplicity and geometric interpretability. However, the robustness of kNN-based classification models has not thoroughly explored kNN attack strategies are underdeveloped. In this paper, we first propose an Adversarial Soft (ASK) loss for developing more effective neural network designing better defense against them. Our ASK provides a differentiable surrogate expected error. It is also interpretable as it preserves mutual information between perturbed input in-class-reference data. We use design novel method called ASK-Attack (ASK-Atk), which shows superior efficiency accuracy degradation relative previous attacks on hidden layers. then derive ASK-Defense (ASK-Def) that optimizes worst-case training loss. Experiments CIFAR-10 (ImageNet) show (i) ASK-Atk achieves ≥ 13% (≥ 13%) improvement in success rate over attacks, (ii) ASK-Def outperforms conventional adversarial by 6.9% 3.5%) terms improvement. Relevant codes available at https://github.com/wangren09/ASK.