ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks

Guanxiong Liu, Issa Khalil, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Neural Network classifiers have been used successfully in a wide range of applications. However, their underlying assumption of attack free environment has been defied by adversarial examples. Researchers tried to develop defenses; however, existing approaches are still far from providing effective solutions to this evolving problem. In this paper, we design a generative adversarial net (GAN) based zero knowledge adversarial training defense, dubbed ZK-GanDef, which does not consume adversarial examples during training. Therefore, ZK-GanDef is not only efficient in training but also adaptive to new adversarial examples. This advantage comes at the cost of small degradation in test accuracy compared to full knowledge approaches. Our experiments show that ZK-GanDef enhances test accuracy on adversarial examples by up to 49.17% compared to zero knowledge approaches. More importantly, its test accuracy is close to that of the state-of-the-art full knowledge approaches (maximum degradation of 8.46%), while taking much less training time.

Original language: English
Title of host publication: Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 64-75
Number of pages: 12
ISBN (Electronic): 9781728100562
DOIs: https://doi.org/10.1109/DSN.2019.00021
Publication status: Published - 1 Jun 2019
Event: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 - Portland, United States
Duration: 24 Jun 2019 - 27 Jun 2019

Publication series

Name: Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019

Conference

Conference: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Country: United States
City: Portland
Period: 24/6/19 - 27/6/19

Keywords

  • Adversarial Training Defense
  • full knowledge training
  • Generative Adversarial Nets
  • zero knowledge training

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Cite this

Liu, G., Khalil, I., & Khreishah, A. (2019). ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks. In Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 (pp. 64-75). [8809515] (Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DSN.2019.00021