Fortify the Guardian, Not the Treasure: Resilient Adversarial Detectors

Raz Lapid; Almog Dubin; Moshe Sipper

doi:10.3390/math12223451

Fortify the Guardian, Not the Treasure: Resilient Adversarial Detectors

Raz Lapid, Almog Dubin, Moshe Sipper

Department of Computer Science

Ben-Gurion University of the Negev

Research output: Contribution to journal › Article › peer-review

Abstract

Adaptive adversarial attacks, where adversaries tailor their strategies with full knowledge of defense mechanisms, pose significant challenges to the robustness of adversarial detectors. In this paper, we introduce RADAR (Robust Adversarial Detection via Adversarial Retraining), an approach designed to fortify adversarial detectors against such adaptive attacks while preserving the classifier’s accuracy. RADAR employs adversarial training by incorporating adversarial examples—crafted to deceive both the classifier and the detector—into the training process. This dual optimization enables the detector to learn and adapt to sophisticated attack scenarios. Comprehensive experiments on CIFAR-10, SVHN, and ImageNet datasets demonstrate that RADAR substantially enhances the detector’s ability to accurately identify adaptive adversarial attacks without degrading classifier performance.

Original language	American English
Article number	3451
Journal	Mathematics
Volume	12
Issue number	22
DOIs	https://doi.org/10.3390/math12223451
State	Published - 1 Nov 2024

Keywords

adaptive adversarial attacks
adversarial attacks
deep learning
robustness

All Science Journal Classification (ASJC) codes

Computer Science (miscellaneous)
General Mathematics
Engineering (miscellaneous)

Access to Document

10.3390/math12223451

Cite this

@article{5aef534c58784fcfbfc8def0243dfd9d,

title = "Fortify the Guardian, Not the Treasure: Resilient Adversarial Detectors",

abstract = "Adaptive adversarial attacks, where adversaries tailor their strategies with full knowledge of defense mechanisms, pose significant challenges to the robustness of adversarial detectors. In this paper, we introduce RADAR (Robust Adversarial Detection via Adversarial Retraining), an approach designed to fortify adversarial detectors against such adaptive attacks while preserving the classifier{\textquoteright}s accuracy. RADAR employs adversarial training by incorporating adversarial examples—crafted to deceive both the classifier and the detector—into the training process. This dual optimization enables the detector to learn and adapt to sophisticated attack scenarios. Comprehensive experiments on CIFAR-10, SVHN, and ImageNet datasets demonstrate that RADAR substantially enhances the detector{\textquoteright}s ability to accurately identify adaptive adversarial attacks without degrading classifier performance.",

keywords = "adaptive adversarial attacks, adversarial attacks, deep learning, robustness",

author = "Raz Lapid and Almog Dubin and Moshe Sipper",

note = "Publisher Copyright: {\textcopyright} 2024 by the authors.",

year = "2024",

month = nov,

day = "1",

doi = "10.3390/math12223451",

language = "American English",

volume = "12",

journal = "Mathematics",

issn = "2227-7390",

publisher = "Multidisciplinary Digital Publishing Institute (MDPI)",

number = "22",

}

TY - JOUR

T1 - Fortify the Guardian, Not the Treasure

T2 - Resilient Adversarial Detectors

AU - Lapid, Raz

AU - Dubin, Almog

AU - Sipper, Moshe

PY - 2024/11/1

Y1 - 2024/11/1

N2 - Adaptive adversarial attacks, where adversaries tailor their strategies with full knowledge of defense mechanisms, pose significant challenges to the robustness of adversarial detectors. In this paper, we introduce RADAR (Robust Adversarial Detection via Adversarial Retraining), an approach designed to fortify adversarial detectors against such adaptive attacks while preserving the classifier’s accuracy. RADAR employs adversarial training by incorporating adversarial examples—crafted to deceive both the classifier and the detector—into the training process. This dual optimization enables the detector to learn and adapt to sophisticated attack scenarios. Comprehensive experiments on CIFAR-10, SVHN, and ImageNet datasets demonstrate that RADAR substantially enhances the detector’s ability to accurately identify adaptive adversarial attacks without degrading classifier performance.

AB - Adaptive adversarial attacks, where adversaries tailor their strategies with full knowledge of defense mechanisms, pose significant challenges to the robustness of adversarial detectors. In this paper, we introduce RADAR (Robust Adversarial Detection via Adversarial Retraining), an approach designed to fortify adversarial detectors against such adaptive attacks while preserving the classifier’s accuracy. RADAR employs adversarial training by incorporating adversarial examples—crafted to deceive both the classifier and the detector—into the training process. This dual optimization enables the detector to learn and adapt to sophisticated attack scenarios. Comprehensive experiments on CIFAR-10, SVHN, and ImageNet datasets demonstrate that RADAR substantially enhances the detector’s ability to accurately identify adaptive adversarial attacks without degrading classifier performance.

KW - adaptive adversarial attacks

KW - adversarial attacks

KW - deep learning

KW - robustness

UR - http://www.scopus.com/inward/record.url?scp=85210250567&partnerID=8YFLogxK

U2 - 10.3390/math12223451

DO - 10.3390/math12223451

M3 - Article

SN - 2227-7390

VL - 12

JO - Mathematics

JF - Mathematics

IS - 22

M1 - 3451

ER -

Fortify the Guardian, Not the Treasure: Resilient Adversarial Detectors

Abstract

Keywords

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this