EXPLORING NEURAL NETWORK DEFENSES WITH ADVERSARIAL MIXUP

Neural networks (NNs) are vulnerable to adversarial examples, and extensive research is aimed at detecting them. However, detecting adversarial examples is not easy, even with the construction of new loss functions in a network. In this study, we introduce the Adversarial Mix up (AdvMix) network, a neural network that adds a None of the Above (NOTA) class on top of the existing classes to isolate the space where adversarial examples exist. We investigate the effectiveness of AdvMix in improving the robustness of models trained on deep neural networks against adversarial attacks by detecting them. We experimented with various data augmentation techniques and trained nine different models. Our findings show that using an AdvMix network can significantly improve the performance of models against various attacks while achieving better accuracy on benign examples. We were able to increase the accuracy of the vanilla model from 91% to 95% and improve the model's robustness. In many cases, we were able to eliminate the vulnerability of models against some popular and efficient attacks.
Captain, Hellenic Army
Approved for public release. Distribution is unlimited.