Robustifying models against adversarial attacks by Langevin dynamics

Adversarial attacks on deep learning models have compromised their performance considerably. As remedies, a number of defense methods were proposed, which however, been circumvented by newer and more sophisticated attacking strategies. In the midst this ensuing arms race, problem robustness against adversarial still remains challenging task. This paper proposes novel, simple yet effective strategy where off-manifold samples are driven towards high density regions data generating distribution (unknown) target class Metropolis-adjusted Langevin algorithm (MALA) with perceptual boundary taken into account. To achieve task, we introduce generative model conditional inputs given labels that can be learned through supervised Denoising Autoencoder (sDAE) in alignment discriminative classifier. Our algorithm, called MALA for DEfense (MALADE), is equipped significant dispersion—projection distributed broadly. prevents white box from accurately aligning input to create an sample effectively. MALADE applicable any existing classifier, providing robust as well detection. our experiments, exhibited state-of-the-art various elaborate