ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks

Guanxiong Liu, Issa Khalil, Abdallah Khreishah

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Neural network classifiers have been used successfully in a wide range of applications. However, their underlying assumption of an attack-free environment has been defied by adversarial examples. Researchers have tried to develop defenses; however, existing approaches are still far from providing effective solutions to this evolving problem. In this paper, we design a generative adversarial net (GAN) based zero knowledge adversarial training defense, dubbed ZK-GanDef, which does not consume adversarial examples during training. Therefore, ZK-GanDef is not only efficient in training but also adaptive to new adversarial examples. This advantage comes at the cost of a small degradation in test accuracy compared to full knowledge approaches. Our experiments show that ZK-GanDef enhances test accuracy on adversarial examples by up to 49.17% compared to zero knowledge approaches. More importantly, its test accuracy is close to that of the state-of-the-art full knowledge approaches (maximum degradation of 8.46%), while taking much less training time.

Original language: English
Title of host publication: Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 64-75
Number of pages: 12
ISBN (Electronic): 9781728100562
DOI: https://doi.org/10.1109/DSN.2019.00021
Publication status: Published - 1 Jun 2019
Event: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 - Portland, United States
Duration: 24 Jun 2019 to 27 Jun 2019

Publication series

Name: Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019

Conference

Conference: 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019
Country: United States
City: Portland
Period: 24/6/19 to 27/6/19

Fingerprint

Neural networks
Degradation
Classifiers
Experiments

Keywords

  • Adversarial Training Defense
  • full knowledge training
  • Generative Adversarial Nets
  • zero knowledge training

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture

Cite this

Liu, G., Khalil, I., & Khreishah, A. (2019). ZK-GanDef: A GAN Based Zero Knowledge Adversarial Training Defense for Neural Networks. In Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019 (pp. 64-75). [8809515] (Proceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DSN.2019.00021
