International Transactions on Electrical Energy Systems (Jan 2022)

Multiple Adversarial Domains Adaptation Approach for Mitigating Adversarial Attacks Effects

  • Bader Rasheed,
  • Adil Khan,
  • Muhammad Ahmad,
  • Manuel Mazzara,
  • S. M. Ahsan Kazmi

DOI
https://doi.org/10.1155/2022/2890761
Journal volume & issue
Vol. 2022

Abstract

Although neural networks are approaching human-level performance on many tasks, they remain susceptible to adversarial attacks: small, intentionally crafted perturbations that can cause misclassification. The strongest defense to date is adversarial training (AT), which improves a model’s robustness by augmenting the training data with adversarial examples. However, AT usually reduces the model’s accuracy on clean samples and can overfit to a specific attack, limiting its ability to generalize to new attacks. In this paper, we investigate the use of domain adaptation to enhance AT’s performance. We propose a novel multiple adversarial domain adaptation (MADA) method, which frames the problem as a domain adaptation task in order to discover robust features. Specifically, we use adversarial learning to learn features that are invariant between multiple adversarial domains and the clean domain. We evaluated MADA on the MNIST and CIFAR-10 datasets with multiple adversarial attacks during training and testing. Our experiments show that MADA outperforms AT by about 4% on adversarial samples and about 1% on clean samples, on average.
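
The approach sketched in the abstract lends itself to a short illustration. The following is a minimal PyTorch sketch of the MADA idea as stated above: a shared feature extractor feeds a label classifier and a domain discriminator trained through a gradient reversal layer, so that features become indistinguishable across the clean domain and several adversarial domains. The small CNN architecture, the FGSM attack used to populate the adversarial domains, the epsilon values, and all names (MADANet, mada_step) are our assumptions for illustration, not the authors’ published implementation.

    # Minimal sketch of multiple adversarial domain adaptation (MADA).
    # Architecture, attack, and hyperparameters are illustrative assumptions.
    import torch
    import torch.nn as nn
    import torch.nn.functional as F

    class GradReverse(torch.autograd.Function):
        """Gradient reversal: identity on the forward pass, negated
        (and scaled) gradient on the backward pass."""
        @staticmethod
        def forward(ctx, x, lambd):
            ctx.lambd = lambd
            return x.view_as(x)

        @staticmethod
        def backward(ctx, grad_output):
            return -ctx.lambd * grad_output, None

    def grad_reverse(x, lambd=1.0):
        return GradReverse.apply(x, lambd)

    class MADANet(nn.Module):
        def __init__(self, num_classes=10, num_domains=3):
            super().__init__()
            # Shared feature extractor (hypothetical small CNN, 1x28x28 input).
            self.features = nn.Sequential(
                nn.Conv2d(1, 32, 3, padding=1), nn.ReLU(),
                nn.MaxPool2d(2),
                nn.Conv2d(32, 64, 3, padding=1), nn.ReLU(),
                nn.AdaptiveAvgPool2d(1), nn.Flatten(),
            )
            self.classifier = nn.Linear(64, num_classes)
            # Domain head: distinguishes clean vs. each adversarial domain.
            self.domain_head = nn.Linear(64, num_domains)

        def forward(self, x, lambd=1.0):
            z = self.features(x)
            return self.classifier(z), self.domain_head(grad_reverse(z, lambd))

    def fgsm(model, x, y, eps):
        """One-step FGSM attack used to populate one adversarial domain."""
        x = x.clone().detach().requires_grad_(True)
        logits, _ = model(x)
        loss = F.cross_entropy(logits, y)
        grad, = torch.autograd.grad(loss, x)
        return (x + eps * grad.sign()).clamp(0, 1).detach()

    def mada_step(model, optimizer, x_clean, y, eps_list=(0.1, 0.3), lambd=1.0):
        """One training step: classify every domain correctly while
        making the domains indistinguishable to the domain head."""
        model.train()
        # Clean domain plus one adversarial domain per epsilon
        # (num_domains = 1 + len(eps_list)).
        domains = [x_clean] + [fgsm(model, x_clean, y, eps) for eps in eps_list]
        optimizer.zero_grad()
        loss = 0.0
        for d_idx, x in enumerate(domains):
            logits, dom_logits = model(x, lambd)
            d_labels = torch.full((x.size(0),), d_idx,
                                  dtype=torch.long, device=x.device)
            # Task loss on every domain + domain-confusion loss; the
            # reversal layer turns the latter adversarial for the features.
            loss = loss + F.cross_entropy(logits, y) \
                        + F.cross_entropy(dom_logits, d_labels)
        loss.backward()
        optimizer.step()
        return loss.item()

In a training loop, mada_step would be called once per batch of clean images and labels. The gradient reversal makes the feature extractor maximize the domain loss that the discriminator minimizes, which is one standard way to realize the domain-invariance objective the abstract describes.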