Using Capsule Networks with Thermometer Encoding to Defend Against Adversarial Attacks
Authors
Abstract
Adversarial attacks have been shown to construct examples that drastically reduce the performance of classification models. One recently proposed defense against adversarial attacks is to discretize the input in a method called thermometer encoding. We apply thermometer encoding to capsule networks, a recently proposed computer vision architecture that has also demonstrated state-of-the-art resistance to adversarial attacks. The capsule network with thermometer encoding outperforms our baseline CNN and vanilla capsule network when trained adversarially, and performs comparably to a CNN with thermometer encoding. The gains by applying thermometer encoding to capsule networks may improve adversarial resistance on more complex tasks where capsule networks have already demonstrated state-of-the-art resistance.
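The abstract refers to thermometer encoding as the input discretization step but does not spell it out. The following is an added example, not code from the paper or its authors, showing the encoding on pixel intensities and the property the defense relies on: the code is piecewise constant, so a perturbation only changes it when it crosses a bin threshold. The threshold convention (entry i is 1 iff x > i / levels) and the helper names (`thermometer_encode`, `bits_changed`, `is_monotone_code`) are this example's own choices, and the sample image is constructed.

```python
# Added example (not the paper's code): thermometer encoding of pixel intensities.
# Assumed convention: a pixel x in [0, 1] becomes `levels` binary entries,
# entry i = 1 iff x > i / levels. Other equivalent conventions exist.
from typing import List


def thermometer_encode(x: float, levels: int = 16) -> List[int]:
    """Encode one pixel intensity x in [0, 1] as a thermometer code.

    The code is monotone: a run of ones followed by a run of zeros, and the
    number of ones grows with x. That ordering is what distinguishes it from a
    one-hot code of the same quantization bins.
    """
    if not 0.0 <= x <= 1.0:
        raise ValueError("pixel intensity must lie in [0, 1]")
    return [1 if x * levels > i else 0 for i in range(levels)]


def thermometer_encode_image(pixels: List[float], levels: int = 16) -> List[List[int]]:
    """Encode a flat list of intensities; each pixel becomes `levels` binary channels."""
    return [thermometer_encode(p, levels) for p in pixels]


def bits_changed(x: float, delta: float, levels: int = 16) -> int:
    """Number of code entries that differ between x and x + delta (clipped to [0, 1]).

    Because the encoding is piecewise constant, a perturbation changes the code
    only when it crosses a threshold i / levels. Perturbations smaller than one
    bin often change nothing, and the encoding has zero gradient almost
    everywhere, which is the effect the defense relies on.
    """
    y = min(1.0, max(0.0, x + delta))
    a, b = thermometer_encode(x, levels), thermometer_encode(y, levels)
    return sum(ai != bi for ai, bi in zip(a, b))


def is_monotone_code(code: List[int]) -> bool:
    """A valid thermometer code never has a 0 followed by a 1."""
    return all(not (code[i] == 0 and code[i + 1] == 1) for i in range(len(code) - 1))


if __name__ == "__main__":
    # Constructed sample: a 2x2 greyscale image as flat intensities.
    sample = [0.0, 0.3, 0.5, 1.0]
    for p, code in zip(sample, thermometer_encode_image(sample, levels=8)):
        print(f"{p:.2f} -> {code}")
    # An L-infinity perturbation of 0.03 (about 8/255) at 16 levels:
    print("bits changed for 0.30 + 0.03:", bits_changed(0.30, 0.03))
```

The encoded image has `levels` times as many channels as the original, which is why the paper's networks take the encoded tensor rather than raw pixels as input. Since the encoding passes no useful gradient, a robustness evaluation of any model built on it should use attacks that approximate the gradient through the discretization step; otherwise an attack that simply stalls on the zero gradient overstates the defense.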
Similar references
Divide, Denoise, and Defend against Adversarial Attacks
Deep neural networks, although shown to be a successful class of machine learning algorithms, are known to be extremely unstable to adversarial perturbations. Improving the robustness of neural networks against these attacks is important, especially for security-critical applications. To defend against such attacks, we propose dividing the input image into multiple patches, denoising each patch...
Towards Scalable and Robust Overlay Networks
Every peer-to-peer system is based on some overlay network connecting its peers. Many of the overlay network concepts proposed in the scientific community are based on the concept of virtual space. These designs are usually highly scalable, but they do not guarantee robustness against adversarial attacks, especially when considering open peer-to-peer systems. In these systems, determined advers...
Securing AODV routing protocol against the black hole attack using Firefly algorithm
Mobile ad hoc networks are networks composed of wireless devices to create a network with the ability for self-organization. These networks are designed as a new generation of computer networks to satisfy some specific requirements and with features different from wired networks. These networks have no fixed communication infrastructure and for communication with other nodes the intermediate no...
Random Key Pre-Distribution Techniques against Sybil Attacks
Sybil attacks pose a serious threat for Wireless Sensor Networks (WSN) security. They can create problems in routing, voting schemes, decision making, distributed storage and sensor re-programming. In a Sybil attack, the attacker masquerades as multiple sensor identities that are actually controlled by one or a few existing attacker nodes. Sybil identities are fabricated out of stolen keys, obt...
Spatially Transformed Adversarial Examples
Recent studies show that widely used deep neural networks (DNNs) are vulnerable to carefully crafted adversarial examples. Many advanced algorithms have been proposed to generate adversarial examples by leveraging the Lp distance for penalizing perturbations. Researchers have explored different defense methods to defend against such adversarial attacks. While the effectiveness of Lp distance as...