GanDef: A GAN based adversarial training defense for neural network classifier

Guanxiong Liu, Issa Khalil, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Scopus citations

Abstract

Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.

Original languageEnglish (US)
Title of host publicationICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
EditorsGurpreet Dhillon, Fredrik Karlsson, Karin Hedström, André Zúquete
PublisherSpringer New York LLC
Pages19-32
Number of pages14
ISBN (Print)9783030223113
DOIs
StatePublished - 2019
Event34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019 - Lisbon, Portugal
Duration: Jun 25 2019Jun 27 2019

Publication series

NameIFIP Advances in Information and Communication Technology
Volume562
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
Country/TerritoryPortugal
CityLisbon
Period6/25/196/27/19

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management

Keywords

  • Adversarial training defense
  • Generative adversarial net
  • Neural network classifier

Fingerprint

Dive into the research topics of 'GanDef: A GAN based adversarial training defense for neural network classifier'. Together they form a unique fingerprint.

Cite this