TY - GEN
T1 - GanDef
T2 - 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
AU - Liu, Guanxiong
AU - Khalil, Issa
AU - Khreishah, Abdallah
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2019.
PY - 2019
Y1 - 2019
N2 - Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.
AB - Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.
KW - Adversarial training defense
KW - Generative adversarial net
KW - Neural network classifier
UR - http://www.scopus.com/inward/record.url?scp=85068206491&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85068206491&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-22312-0_2
DO - 10.1007/978-3-030-22312-0_2
M3 - Conference contribution
AN - SCOPUS:85068206491
SN - 9783030223113
T3 - IFIP Advances in Information and Communication Technology
SP - 19
EP - 32
BT - ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
A2 - Dhillon, Gurpreet
A2 - Karlsson, Fredrik
A2 - Hedström, Karin
A2 - Zúquete, André
PB - Springer New York LLC
Y2 - 25 June 2019 through 27 June 2019
ER -