International Business Machines Corporation
Adding adversarial robustness to trained machine learning models
Last updated:
Abstract:
One or more hardened machine learning models are secured against adversarial attacks by adding adversarial protection to one or more previously trained machine learning models. To generate the hardened machine learning models, the previously trained machine learning models are retrained and extended using preprocessing layers or using additional network layers which test model performance on benign or adversarial samples. A rollback strategy is additionally implemented to retain intermediate model states during the retraining to provide recovery if a training collapse is detected.
Status:
Grant
Type:
Utility
Filing date:
14 Oct 2019
Issue date:
17 May 2022