Systems and methods for increasing robustness of machine-learned models and other software systems against adversarial attacks

摘要

The present disclosure provides systems and methods that reduce vulnerability of software systems (e.g., machine-learned models) to adversarial attacks by increasing variety within the software system. In particular, a software system can include a number of subcomponents that interoperate using predefined interfaces. To increase variety within the software system, multiple, different versions of one or more of the subcomponents of the software system can be generated. In particular, the different versions of the subcomponent(s) can be different from each other in some way, while still remaining functionally equivalent (e.g., able to perform the same functions with comparable accuracy/success). A plurality of different variants of the software system can be constructed by mixing and matching different versions of the subcomponents. A large amount of variety can be exhibited by the variants of the software system deployed at a given time, thereby leading to increased robustness against adversarial attacks.