Sensitivity based robust learning for stacked autoencoder against evasion attack

摘要

Although deep learning has achieved excellent performance in many applications, some studies indicate that deep learning algorithms are vulnerable in an adversarial environment. A small distortion on a sample leads to misclassification easily. Until now, the vulnerability issue of stacked autoencoder, which is one of the most popular deep learning algorithms, has not been investigated. In this paper, we firstly investigate the existing evasion attack to stacked autoencoder in an effort to understand whether, and to what extent, they can work efficiently. A robust learning algorithm which minimizes both its error and sensitivity is then proposed for stacked autoencoder. The sensitivity is defined as the change of the output due to a small fluctuation on the input. As the proposed algorithm considers not only accuracy but also stability, a more robust stacked autoencoder against evasion attack is expected. The performance of our methods is then evaluated and compared with conventional stacked autoencoder and denoising autoencoder experimentally in terms of accuracy, robustness and time complexity. Moreover, the experimental results also suggest that the proposed learning method is more robust than others when a training set is contaminated. (C) 2017 Elsevier B.V. All rights reserved.