Ensemble-based Adversarial Defense Using Diversified Distance Mapping
Ehsan Kazemi, Mohamed E. Hussein, Wael AbdAlmageed
Abstract
We propose an ensemble-based defense against adversarial examples using distance map layers (DMLs). Similar to linear (map) layers, DMLs can be used to output logits for a multi-class classification model. We show in this paper how DMLs can be deployed to prevent transferability of attacks across ensemble members by adapting pairwise (almost) orthogonal covariance matrices. We also illustrate how DMLs provide an efficient way to regularize the Lipschitz constant of the ensemble's member models, which further boosts the resulting robustness. This mechanism could be utilized for pre-trained networks as priors to form an ensemble of networks with enhanced diversity in prediction errors. Through empirical evaluations across multiple datasets and attack models, we demonstrate that the ensembles based on DMLs can achieve high benign accuracy while exhibiting robustness against adversarial attacks.