Submitted by admin on Tue, 06/11/2024 - 01:30
Over the past two decades, the rise in adoption of neural networks has surged in parallel with their performance. Concurrently, we have observed the inherent fragility of these prediction models: small changes to the inputs can induce classification errors across entire datasets. In the following study, we examine perturbations constrained by the $\ell _{0}$ –norm, a potent attack model in the domains of computer vision, malware detection, and natural language processing. To combat this adversary, we introduce a novel defense technique comprised of two components: “truncation” and “adversarial training”. Subsequently, we conduct a theoretical analysis of the Gaussian mixture setting and establish the asymptotic optimality of our proposed defense. Based on this obtained insight, we broaden the application of our technique to neural networks. Lastly, we empirically validate our results in the domain of computer vision, demonstrating substantial enhancements in the robust classification error of neural networks.
READ ON IEEE Xplore
Mark Beliaev
Payam Delgosha
Hamed Hassani
Ramtin Pedarsani
Propose a Special Issue

Proposals may be developed by anyone having interest and expertise in a technical area within the scope of the IEEE Information Theory Society.

Learn More
Submit a Manuscript

All submissions to JSAIT must be in response to a specific Call for Papers and adhere to the deadlines and any specific instructions therein.

Information for Authors
Get Notified of New Issues

Sign up for our Journals and Magazines mailing list to get notified of new JSAIT issues as they become available.

Sign up for the IT society Mailing List