We investigate the robustness of stochastic ANNs (SANNs) to adversarial attacks. We perform experiments on three known datasets. Our experiments reveal that stochastic ANNs are similarly susceptible to conventional ANNs when confronted with simple iterative gradient-based attacks in white-box settings. We observe, however, that in black-box settings, SANNs are more robust than conventional ANNs against boundary and surrogate attacks. Consequently, we propose improved attacks against stochastic ANNs. In a first step, we show that using stochastic networks as surrogates outperforms deterministic ones when performing surrogate-based black-box attacks. To further boost adversarial success rates, we propose in a second step the novel Variance Mimicking (VM) surrogate training, and validate its improved performance.
CITATION STYLE
Tan, Y. X. M., Elovici, Y., & Binder, A. (2021). Analysing the Adversarial Landscape of Binary Stochastic Networks. In Lecture Notes in Electrical Engineering (Vol. 739 LNEE, pp. 143–155). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-33-6385-4_14