Robustness to Adversarial Examples through an Ensemble of Specialists

We are proposing to use an ensemble of diverse specialists, where speciality is defined according to the confusion matrix. Indeed, we observed that for adversarial instances originating from a given class, labeling tend to be done into a small subset of (incorrect) classes. Therefore, we argue that an ensemble of specialists should be better able to identify and reject fooling instances, with a high entropy (i.e., disagreement) over the decisions in the presence of adversaries. Experimental results obtained confirm that interpretation, opening a way to make the system more robust to adversarial examples through a rejection mechanism, rather than trying to classify them properly at any cost.

• Publication year

  2017

• Venue

  International Conference on Learning Representations

• Publication date

  2017-02-17

• Fields of study

  Computer Science

• Identifiers
  arXiv 1702.06856
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Adversarial Diversity and Hard Positive Generation

  2016cited by this paper
• Adversarial Manipulation of Deep Representations

  2015cited by this paper
• Deep Residual Learning for Image Recognition

  2015cited by this paper
• Distilling the Knowledge in a Neural Network

  2015cited by this paper
• DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks

  2015influential reference
• Towards Open Set Deep Networks

  2015cited by this paper
• Robust Convolutional Neural Networks under Adversarial Noise

  2015cited by this paper
• Explaining and Harnessing Adversarial Examples

  2014cited by this paper
• DeepFace: Closing the Gap to Human-Level Performance in Face Verification

  2014cited by this paper
• Large-Scale Video Classification with Convolutional Neural Networks

  2014cited by this paper
• Deep neural networks are easily fooled: High confidence predictions for unrecognizable images

  2014cited by this paper
• Intriguing properties of neural networks

  2013influential reference
• Improving neural networks by preventing co-adaptation of feature detectors

  2012cited by this paper

• A Comprehensive Survey of Mixture-of-Experts: Algorithms, Theory, and Applications

  2025cites this paper
• Uncertainty-Aware Deep Video Compression With Ensembles

  2024cites this paper
• SpotOn: Adversarially Robust Keyword Spotting on Resource-Constrained IoT Platforms

  2024influential citation
• Alchemy: Data-Free Adversarial Training

  2024cites this paper
• Towards Adversarial Robustness of Model-Level Mixture-of-Experts Architectures for Semantic Segmentation

  2024cites this paper
• CARE: Ensemble Adversarial Robustness Evaluation Against Adaptive Attackers for Security Applications

  2024cites this paper
• The Path to Defence: A Roadmap to Characterising Data Poisoning Attacks on Victim Models

  2023cites this paper
• Improving the Robustness of Quantized Deep Neural Networks to White-Box Attacks using Stochastic Quantization and Information-Theoretic Ensemble Training

  2023cites this paper
• Deep Bayesian Image Set Classification Approach for Defense against Adversarial Attacks

  2023cites this paper
• DNN Feature Map Gram Matrices for Mitigating White-Box Attacks on Image Classification

  2023cites this paper
• Applications of AI/ML in Maritime Cyber Supply Chains

  2023cites this paper
• DENL: Diverse Ensemble and Noisy Logits for Improved Robustness of Neural Networks

  2023cites this paper
• CoopHance: Cooperative Enhancement for Robustness of Deep Learning Systems

  2023cites this paper
• Machine learning and blockchain technologies for cybersecurity in connected vehicles

  2023cites this paper
• Adversarial Robustness in Unsupervised Machine Learning: A Systematic Review

  2023cites this paper
• Improved Robustness Against Adaptive Attacks With Ensembles and Error-Correcting Output Codes

  2023cites this paper
• SAFEXPLAIN: Safe and Explainable Critical Embedded Systems Based on AI

  2023cites this paper
• Adversarial Robustness in Graph-Based Neural Architecture Search for Edge AI Transportation Systems

  2023cites this paper
• A Survey of Adversarial Attack and Defense Methods for Malware Classification in Cyber Security

  2023cites this paper
• Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000

  2022cites this paper
• Randomize Adversarial Defense in a Light Way

  2022cites this paper
• Adversarial Attack Detection Based on Example Semantics and Model Activation Features

  2022cites this paper
• Increasing Robustness against Adversarial Attacks through Ensemble of Approximate Multipliers

  2022cites this paper
• Learning Sample Reweighting for Accuracy and Adversarial Robustness

  2022cites this paper
• A Perturbation Resistant Transformation and Classification System for Deep Neural Networks

  2022cites this paper
• Ares: A System-Oriented Wargame Framework for Adversarial ML

  2022cites this paper
• Defending Adversarial Examples by Negative Correlation Ensemble

  2022cites this paper
• Exploring Adversarial Attacks and Defenses in Vision Transformers trained with DINO

  2022cites this paper
• Transferable 3D Adversarial Textures using End-to-end Optimization

  2022cites this paper
• Secure machine learning against adversarial samples at test time

  2022cites this paper
• Adversarial Attacks Against Deep Learning-Based Network Intrusion Detection Systems and Defense Mechanisms

  2022cites this paper
• Adversarial Learning With Cost-Sensitive Classes

  2021cites this paper
• Attacking Image Classifiers To Generate 3D Textures

  2021cites this paper
• DeepAdversaries: examining the robustness of deep learning models for galaxy morphology classification

  2021cites this paper
• On the Reversibility of Adversarial Attacks

  2021cites this paper
• Research Progress and Challenges on Application-Driven Adversarial Examples: A Survey

  2021cites this paper
• Deep Bayesian Image Set Classification: A Defence Approach against Adversarial Attacks

  2021cites this paper
• Understanding the Resilience of Neural Network Ensembles against Faulty Training Data

  2021cites this paper
• Dealing with Adversarial Player Strategies in the Neural Network Game iNNk through Ensemble Learning

  2021cites this paper
• Code integrity attestation for PLCs using black box neural network predictions

  2021cites this paper
• Ensemble Defense with Data Diversity: Weak Correlation Implies Strong Robustness

  2021cites this paper
• Transferability Analysis of an Adversarial Attack on Gender Classification to Face Recognition

  2021cites this paper
• On the security of ANN-based AC state estimation in smart grid

  2021cites this paper
• Adversarial Robustness for Face Recognition: How to Introduce Ensemble Diversity among Feature Extractors?

  2021cites this paper
• Master Thesis Adversarial Detection and Defense in Deep learning

  2021cites this paper
• Security and Privacy for Artificial Intelligence: Opportunities and Challenges

  2021cites this paper
• Unity is strength: Improving the detection of adversarial examples with ensemble approaches

  2021cites this paper
• Text Adversarial Examples Generation and Defense Based on Reinforcement Learning

  2021cites this paper
• A study on the uncertainty of convolutional layers in deep neural networks

  2020influential citation
• Input Validation for Neural Networks via Runtime Local Robustness Verification

  2020cites this paper
• RL-Duet: Online Music Accompaniment Generation Using Deep Reinforcement Learning

  2020cites this paper
• Gödel's Sentence Is An Adversarial Example But Unsolvable

  2020cites this paper
• Randomization matters. How to defend against strong adversarial attacks

  2020cites this paper
• Defend Against Adversarial Samples by Using Perceptual Hash

  2020influential citation
• Adversarial examples detection through the sensitivity in space mappings

  2020cites this paper
• Robustness Verification for Classifier Ensembles

  2020cites this paper
• Deep Neural Mobile Networking

  2020cites this paper
• Exploiting Joint Robustness to Adversarial Perturbations

  2020influential citation
• Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection

  2020cites this paper
• TREND: Transferability-Based Robust ENsemble Design

  2020cites this paper
• Adversarial Examples on Object Recognition

  2020cites this paper
• Securing Machine Learning Architectures and Systems

  2020cites this paper
• Adversarial Machine Learning in Image Classification: A Survey Toward the Defender’s Perspective

  2020cites this paper
• EI-MTD: Moving Target Defense for Edge Intelligence against Adversarial Attacks

  2020cites this paper
• Tiki-Taka: Attacking and Defending Deep Learning-based Intrusion Detection Systems

  2020cites this paper
• Where Does the Robustness Come from?: A Study of the Transformation-based Ensemble Defence

  2020cites this paper
• Algorithm Selection with Attention on Software Verification

  2020cites this paper
• Towards Backdoor Attacks and Defense in Robust Machine Learning Models

  2020cites this paper
• Robust Attacks against Multiple Classifiers

  2019cites this paper
• Neuron Selecting: Defending Against Adversarial Examples in Deep Neural Networks

  2019cites this paper
• Preserving Differential Privacy in Adversarial Learning with Provable Robustness

  2019cites this paper
• n-ML: Mitigating Adversarial Examples via Ensembles of Topologically Manipulated Classifiers

  2019cites this paper
• Error-Correcting Neural Network

  2019influential citation
• Enhancing Certifiable Robustness via a Deep Model Ensemble

  2019cites this paper
• Scalable Differential Privacy with Certified Robustness in Adversarial Learning

  2019cites this paper
• Defeating Misclassification Attacks Against Transfer Learning

  2019cites this paper
• Hardware Accelerator for Adversarial Attacks on Deep Learning Neural Networks

  2019cites this paper
• Lower Bounds on Adversarial Robustness from Optimal Transport

  2019cites this paper
• Defending Against Misclassification Attacks in Transfer Learning

  2019cites this paper
• Defending Against Adversarial Iris Examples UsingWavelet Decomposition

  2019cites this paper
• MTDeep: Moving Target Defense to Boost the Security of Deep Neural Networks Against Adversarial Attacks

  2019cites this paper
• SANE: Exploring Adversarial Robustness With Stochastically Activated Network Ensembles

  2019cites this paper
• SANE: Towards Improved Prediction Robustness via Stochastically Activated Network Ensembles

  2019cites this paper
• Error-Correcting Output Codes with Ensemble Diversity for Robust Learning in Neural Networks

  2019influential citation
• Reinforcement Learning for Autonomous Defence in Software-Defined Networking

  2018cites this paper
• Adversarial Spheres

  2018cites this paper
• Adaptive and Diverse Techniques for Generating Adversarial Examples

  2018influential citation
• A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples

  2018cites this paper
• Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

  2018cites this paper
• Spartan Networks: Self-Feature-Squeezing Neural Networks for increased robustness in adversarial settings

  2018cites this paper
• Strength in Numbers: Trading-off Robustness and Computation via Adversarially-Trained Ensembles

  2018cites this paper
• Adversarial Examples - A Complete Characterisation of the Phenomenon

  2018cites this paper
• Controlling Over-generalization and its Effect on Adversarial Examples Generation and Detection

  2018cites this paper
• Out-distribution training confers robustness to deep neural networks

  2018cites this paper
• Motivating the Rules of the Game for Adversarial Example Research

  2018cites this paper
• With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning

  2018cites this paper
• Hardware Trojan Attacks on Neural Networks

  2018cites this paper
• PAC-learning in the presence of evasion adversaries

  2018cites this paper
• Adversarial Spheres

  2018cites this paper
• Towards Dependable Deep Convolutional Neural Networks (CNNs) with Out-distribution Learning

  2018cites this paper