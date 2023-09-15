Feature-space noise in ANNs: Boosts resilience, thwarts attacks.

Researchers at the University of Tokyo Graduate School of Medicine have developed a novel method to enhance the resilience of artificial neural networks (ANNs) against adversarial attacks.

ANNs, inspired by the human brain, are prone to misinterpretations of input data, which can lead to potentially dangerous consequences, such as in driverless cars and medical diagnostic systems.

Traditional defenses against attacks on ANNs often focus on introducing noise into the initial input layer. However, this approach has limitations. Graduate student Jumpei Ukita and Professor Kenichi Ohki proposed a new defense strategy by adding noise not only to the input layer but also to deeper layers within the network.

Their inspiration came from their background in studying the human brain, where noise can enhance adaptability. The researchers demonstrated that introducing noise to deeper layers of ANNs improved their adaptability and reduced susceptibility to simulated adversarial attacks.

The new defense method, which the researchers call “feature-space noise,” is designed to counter attacks that mislead the ANN by subtly altering input data, making it appear different from what the network expects. While the approach proved effective in their experiments, the team aims to refine and expand it to defend against various types of attacks in the ever-evolving landscape of AI security.

Ukita noted that the ongoing battle between attackers and defenders in AI security requires continuous innovation to protect systems used in everyday life. The researchers are committed to further developing their method to safeguard AI systems from potential threats.

