適応免疫システムは、混乱をまき散らす攻撃からニューラルネットを防御するためのテンプレートとして機能する The adaptive immune system serves as a template for defending neural nets from confusion-sowing attacks
2022-03-24 ミシガン大学
<関連情報>
- https://news.umich.edu/immune-to-hacks-inoculating-deep-neural-networks-to-thwart-attacks/
- https://ieeexplore.ieee.org/abstract/document/9718107
RAILS ロバストな敵対的免疫学習システム RAILS: A Robust Adversarial Immune-Inspired Learning System
Ren Wang; Tianqi Chen; Stephen M. Lindsly;Cooper M. Stansbury,;Ren Wang;Tianqi Chen;Stephen M. Lindsly;Cooper M. Stansbury;Alnawaz Rehemtulla;Indika Rajapakse;Alfred O. Hero
IEEE Date of Publication: 21 February 2022 DOI: 10.1109/ACCESS.2022.3153036
Abstract
Adversarial attacks against deep neural networks (DNNs) are continuously evolving, requiring increasingly powerful defense strategies. We develop a novel adversarial defense framework inspired by the adaptive immune system: the Robust Adversarial Immune-inspired Learning System (RAILS). Initializing a population of exemplars that is balanced across classes, RAILS starts from a uniform label distribution that encourages diversity and uses an evolutionary optimization process to adaptively adjust the predictive label distribution in a manner that emulates the way the natural immune system recognizes novel pathogens. RAILS’ evolutionary optimization process explicitly captures the tradeoff between robustness (diversity) and accuracy (specificity) of the network, and represents a new immune-inspired perspective on adversarial learning. The benefits of RAILS are empirically demonstrated under eight types of adversarial attacks on a DNN adversarial image classifier for several benchmark datasets, including: MNIST; SVHN; CIFAR-10; and CIFAR-10. We find that PGD is the most damaging attack strategy and that for this attack RAILS is significantly more robust than other methods, achieving improvements in adversarial robustness by ≥5.62%,12.5% , 10.32%, and 8.39%, on these respective datasets, without appreciable loss of classification accuracy. Codes for the results in this paper are available at
・「RAILSは、自然免疫システムとは異なる動作をする適応免疫システムをモデルにした、敵対的学習への最初のアプローチを表しています」と、アルフレッドヒーローは述べています。
・RAILSは、免疫系の自然な防御を模倣して、神経回路網への疑わしい入力を特定し、最終的に対処することで機能します。開発を始めるにあたり、マウスの適応免疫系が抗原にどのように反応するかを研究した。