Robust sensible adversarial learning of deep neural networks for image classification

The idea of robustness is central and critical to modern statistical analysis. However, despite the recent advances deep neural networks (DNNs), many studies have shown that DNNs are vulnerable adversarial attacks. Making imperceptible changes an image can cause DNN models make wrong classification with high confidence, such as classifying a benign mole malignant tumor stop sign speed limit sign. trade-off between standard accuracy common for models. In this paper we introduce sensible learning demonstrate synergistic effect pursuits natural robustness. Specifically, define adversary, which useful robust model, while keeping accuracy. We theoretically establish Bayes classifier most multiclass 0−1 loss under learning. propose novel efficient algorithm trains model using implicit truncation. apply large-scale handwritten digital dataset, called MNIST, object recognition colored CIFAR10. performed extensive comparative study compare our method other competitive methods. Our experiments empirically not sensitive its hyperparameter does collapse even small capacity promoting against various attacks software available Python package at https://github.com/JungeumKim/SENSE.