Towards Robust Ensemble Defense Against Adversarial Examples Attack

Nag Mani, M. Moh, Teng-Sheng Moh
Citations: 5

Abstract

With recent advancements in the field of artificial intelligence, deep learning has created a niche in the technology space and is being actively used in autonomous and IoT systems globally. Unfortunately, these deep learning models have become susceptible to adversarial attacks that can severely impact their integrity. Research has shown that many state-of-the-art models are vulnerable to attacks by well-crafted adversarial examples. These adversarial examples are perturbed versions of clean data with a small amount of noise added to them. These adversarial samples are imperceptible to the human eye, yet they can easily fool the targeted model. The exposed vulnerabilities of these models raise the question of their usability in safety-critical real-world applications such as autonomous driving and medical applications. In this work, we have documented the effectiveness of six different gradient-based adversarial attacks on a ResNet image recognition model. Defending against these adversaries is challenging. Adversarial re-training has been one of the most widely used defense techniques. It aims at training a more robust model capable of handling the adversarial examples attack by itself. We showcase the limitations of traditional adversarial-retraining techniques, which can be effective against some adversaries but do not protect against more sophisticated attacks. We present a new ensemble defense strategy using the adversarial retraining technique that is capable of withstanding six adversarial attacks on the CIFAR-10 dataset with a minimum accuracy of 89.31%.