SYSTEM FOR DUAL-FILTERING FOR LEARNING SYSTEMS TO PREVENT ADVERSARIAL ATTACKS

摘要

A Dual-Filtering (DF) system to provide a robust Machine Learning (ML) platform against adversarial attacks. It employs different filtering mechanisms (one at the input and the other at the output/decision end of the learning system) to thwart adversarial attacks. The developed dual-filter software can be used as a wrapper to any existing ML-based decision support system to prevent a wide variety of adversarial evasion attacks. The DF framework utilizes two filters based on positive (input filter) and negative (output filter) verification strategies that can communicate with each other for higher robustness.