Adobe Inc.
GENERATING TRAINED NEURAL NETWORKS WITH INCREASED ROBUSTNESS AGAINST ADVERSARIAL ATTACKS

Abstract:

The present disclosure relates to systems, methods, and non-transitory computer readable media for generating trained neural network with increased robustness against adversarial attacks by utilizing a dynamic dropout routine and/or a cyclic learning rate routine. For example, the disclosed systems can determine a dynamic dropout probability distribution associated with neurons of a neural network. The disclosed systems can further drop neurons from a neural network based on the dynamic dropout probability distribution to help neurons learn distinguishable features. In addition, the disclosed systems can utilize a cyclic learning rate routine to force copy weights of a copy neural network away from weights of an original neural network without decreasing prediction accuracy to ensure that the decision boundaries learned are different.