GanDef: A GAN based adversarial training defense for neural network classifier

Guanxiong Liu, Issa Khalil, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples – carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.

Original language: English
Title of host publication: ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings
Editors: Gurpreet Dhillon, André Zúquete, Fredrik Karlsson, Karin Hedström
Publisher: Springer New York LLC
Pages: 19-32
Number of pages: 14
ISBN (Print): 9783030223113
DOI: 10.1007/978-3-030-22312-0_2
Publication status: Published - 1 Jan 2019
Event: 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019 - Lisbon, Portugal
Duration: 25 Jun 2019 to 27 Jun 2019

Publication series

Name: IFIP Advances in Information and Communication Technology
Volume: 562
ISSN (Print): 1868-4238

Conference

Conference: 34th IFIP TC 11 International Conference on Information Security and Privacy Protection, SEC 2019
Country: Portugal
City: Lisbon
Period: 25/6/19 to 27/6/19

Keywords

  • Adversarial training defense
  • Generative adversarial net
  • Neural network classifier

ASJC Scopus subject areas

  • Information Systems and Management

Cite this

Liu, G., Khalil, I., & Khreishah, A. (2019). GanDef: A GAN based adversarial training defense for neural network classifier. In G. Dhillon, A. Zúquete, F. Karlsson, & K. Hedström (Eds.), ICT Systems Security and Privacy Protection - 34th IFIP TC 11 International Conference, SEC 2019, Proceedings (pp. 19-32). (IFIP Advances in Information and Communication Technology; Vol. 562). Springer New York LLC. https://doi.org/10.1007/978-3-030-22312-0_2
