Abstract
Although neural networks have achieved remarkable success on classification, adversarial robustness is still a significant concern. There is now a series of approaches for designing adversarial examples and methods for defending against them. This thesis consists of two projects. In our first work, we propose an approach that leverages cognitive salience to add robustness on top of these existing defenses. Specifically, for image classification, we split an image into the foreground (salient region) and background (the rest) and allow significantly larger adversarial perturbations in the background to produce stronger attacks. Furthermore, we show that adversarial training with these dual-perturbation attacks yields classifiers that are more robust to them than state-of-the-art robust learning approaches, and comparable in robustness to conventional attacks. We also add a stabilization step for binary inputs after the regular defense method to further increase robustness.
In the second part of our work, we introduce a simple method that requires much less computation than other state-of-the-art methods: it adds regularization to the first layer of the neural network. We also provide a generalized version that applies to more complicated neural networks, and we show empirically that our method has robustness comparable to baseline methods while being much faster.
Committee Chair
Yevgeniy Vorobeychik Chien-Ju Ho William Yoeh
Committee Members
Yevgeniy Vorobeychik Chien-Ju Ho William Yoeh
Degree
Master of Science (MS)
Author's Department
Computer Science & Engineering
Document Type
Thesis
Date of Award
Spring 5-21-2021
Language
English (en)
DOI
https://doi.org/10.7936/yqqg-bn14
Recommended Citation
Guo, Michael, "Improving additional adversarial robustness for classification" (2021). McKelvey School of Engineering Theses & Dissertations. 572.
The definitive version is available at https://doi.org/10.7936/yqqg-bn14
Included in
Artificial Intelligence and Robotics Commons, Data Science Commons, Engineering Commons, Information Security Commons, Theory and Algorithms Commons