SMART DEFENSE: A STUDENT-TEACHER FRAMEWORK FOR ADAPTIVE ADVERSARIAL ROBUSTNESS

Authors

  • K. Thrivikram
  • Dr. K. Pavan Kumar

DOI:

https://doi.org/10.62643/ijerst.2025.v21.i2.pp903-912

Abstract

The dependability and security of deep neural networks (DNNs) depend on defence against adversarial attacks. The most advanced defence techniques available today are highly robust to such attacks. Nevertheless, these defence strategies cannot differentiate between normal examples (NEs) and adversarial examples (AEs). As a consequence, they classify both kinds of input using the same defence procedure, which degrades performance on NEs. In this research, we propose a new defence approach based on the student-teacher framework that can identify AEs and apply the defence process exclusively to AEs, hence minimising the deterioration of classification performance for NEs. We train the student network to predict the undistorted hidden layer features of the teacher network (the target DNN), focussing on the fact that adversarial attacks would always succeed if the hidden layer features are distorted. As a consequence, our approach can identify AEs by comparing the hidden layer features of the teacher and student networks, and then use the penultimate layer features predicted by the student network to recover the classification result for AEs. Through comprehensive tests on relevant image classification benchmark datasets, including CIFAR-10, CIFAR-100, and TinyImagenet, we show that our approach outperforms state-of-the-art techniques in both detection and defence. Additionally, we demonstrate that our approach produces strong detection and defence results against a completely white-box attack, which presumes the attacker is aware of every detail of our detection and defence system.
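
The inference-time routing described in the abstract, as an added sketch that is not the authors' code: inputs whose teacher features diverge from the student's prediction are flagged as AEs and classified from the student's features, while NEs keep the teacher's own path. The L2 distance, the quantile-based threshold, treating the compared hidden layer as the penultimate layer, and all feature vectors and weights below are assumptions constructed for illustration.

```python
import math

def l2(a, b):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def calibrate_threshold(teacher_feats, student_feats, quantile=0.95):
    """Detection threshold = a high quantile of teacher/student feature
    distances on known-normal examples (assumed calibration rule)."""
    d = sorted(l2(t, s) for t, s in zip(teacher_feats, student_feats))
    return d[min(len(d) - 1, math.ceil(quantile * len(d)) - 1)]

def head(feat, weights):
    """Teacher's final linear layer applied to penultimate features."""
    logits = [sum(w * f for w, f in zip(row, feat)) for row in weights]
    return max(range(len(logits)), key=logits.__getitem__)

def classify(teacher_feat, student_feat, weights, threshold):
    """Flag the input as an AE when the teacher's features diverge from the
    student's prediction; only then swap in the student's features."""
    is_ae = l2(teacher_feat, student_feat) > threshold
    feat = student_feat if is_ae else teacher_feat
    return head(feat, weights), is_ae

# Constructed toy data: 2-D penultimate features, 2 classes.
W = [[1.0, 0.0], [0.0, 1.0]]
CAL_TEACHER = [(2.0, 0.1), (0.2, 1.8), (1.5, 0.3), (0.1, 2.2)]
CAL_STUDENT = [(1.9, 0.2), (0.1, 1.9), (1.6, 0.3), (0.3, 2.1)]
THRESHOLD = calibrate_threshold(CAL_TEACHER, CAL_STUDENT)

# Normal example of class 0: teacher and student agree.
NE = ((1.8, 0.2), (1.7, 0.25))
# Adversarial example of class 0: teacher features distorted toward class 1,
# while the student still predicts the undistorted features.
AE = ((0.3, 1.9), (1.7, 0.3))

if __name__ == "__main__":
    for name, (t, s) in (("NE", NE), ("AE", AE)):
        label, flagged = classify(t, s, W, THRESHOLD)
        print(name, "teacher-only:", head(t, W), "routed:", label, "flagged:", flagged)
```

Because the NE is never rerouted, its prediction is exactly the teacher's, which is the property the abstract relies on to avoid degrading NE performance.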

Published

23-04-2025

How to Cite

SMART DEFENSE: A STUDENT-TEACHER FRAMEWORK FOR ADAPTIVE ADVERSARIAL ROBUSTNESS. (2025). International Journal of Engineering Research and Science & Technology, 21(2), 903-912. https://doi.org/10.62643/ijerst.2025.v21.i2.pp903-912