Multiple Adversarial Domains Adaptation Approach for Mitigating Adversarial Attacks Effects

Bader Rasheed, Adil Khan*, Muhammad Ahmad, Manuel Mazzara, S. M. Ahsan Kazmi

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-review

4 Scopus citations

Abstract

Although neural networks are near achieving performance similar to humans in many tasks, they are susceptible to adversarial attacks in the form of a small, intentionally designed perturbation, which could lead to misclassifications. The best defense against these attacks, so far, is adversarial training (AT), which improves a model's robustness by augmenting the training data with adversarial examples. However, AT usually decreases the model's accuracy on clean samples and could overfit to a specific attack, inhibiting its ability to generalize to new attacks. In this paper, we investigate the usage of domain adaptation to enhance AT's performance. We propose a novel multiple adversarial domain adaptation (MADA) method, which looks at this problem as a domain adaptation task to discover robust features. Specifically, we use adversarial learning to learn features that are domain-invariant between multiple adversarial domains and the clean domain. We evaluated MADA on MNIST and CIFAR-10 datasets with multiple adversarial attacks during training and testing. The results of our experiments show that MADA is superior to AT on adversarial samples by about 4% on average and on clean samples by about 1% on average.

Original language: English
Article number: 2890761
Journal: International Transactions on Electrical Energy Systems
Volume: 2022
State: Published - 2022
Externally published: Yes

Bibliographical note

Publisher Copyright:
© 2022 Bader Rasheed et al.

ASJC Scopus subject areas

  • Modeling and Simulation
  • Energy Engineering and Power Technology
  • Electrical and Electronic Engineering
