Enhancing Robustness of Classifiers Against Adversarial Examples

Abstract

Security and privacy of machine learning systems have become a crucial aspect which requires an urgent attention from both the academia and the industry. Adversarial examples are one of the well-known security concern which has only recently been investigated. In a broad sense, an adversarial example refers to any crafted input sample that can mislead a machine learning model into making a certain undesirable decision. While there have been many efforts which go into attacking with and defending against adversarial examples, their underlying cause or properties have not been rigorously investigated. In this work, we focus on empirically inspect main causes of adversarial examples on classifiers, potential defenses, and a novel generation method using GANs. In particular, we experimentally find a set of conditions which make a classifier more susceptible, including some properties of both the data and the classifier. We investigate the effectiveness of various defenses and discover that hinge loss can substantially improve classifier’s robustness. Lastly, we propose a novel method to generate adversarial examples by e ffciiently searching in the latent space of a GAN. Our method can create natural-looking samples which fool a classifier and are, theoretically, di cult to detect by recently proposed detection methods.