Computer Engineering Commons^™

Adversarial Training Of Deep Neural Networks, Anabetsy Termini

CCE Theses and Dissertations

Deep neural networks used for image classification are highly susceptible to adversarial attacks. The de facto method to increase adversarial robustness is to train neural networks with a mixture of adversarial images and unperturbed images. However, this method leads to robust overfitting, where the network primarily learns to recognize one specific type of attack used to generate the images while remaining vulnerable to others after training. In this dissertation, we performed a rigorous study to understand whether combinations of state of the art data augmentation methods with Stochastic Weight Averaging improve adversarial robustness and diminish adversarial overfitting across a wide …