Bamboo: Ball-shape data augmentation against adversarial attacks from all directions

Published

Conference Paper

© 2019 CEUR-WS. All rights reserved. The robustness of Deep neural networks (DNNs) has been recently challenged by adversarial attacks State-of-the-art defending algorithms improve DNNs’ robustness by paying high computational costs. Moreover, these approaches are usually designed against one or a few known attacking techniques only. The effectiveness to defend other types of attacking methods cannot be guaranteed. In this work, we propose Bamboo – the first data augmentation method designed for improving the general robustness of DNN without any hypothesis on the attacking algorithms. Our experiments show that Bamboo substantially improve the general robustness against arbitrary types of attacks and noises, achieving better results comparing to previous adversarial training methods, robust optimization methods and other data augmentation methods with the same amount of data points.

Duke Authors

Cited Authors

  • Yang, H; Zhang, J; Cheng, HP; Wang, W; Chen, Y; Li, H

Published Date

  • January 1, 2019

Published In

Volume / Issue

  • 2301 /

International Standard Serial Number (ISSN)

  • 1613-0073

Citation Source

  • Scopus