Calibrated Multi-Probabilistic Prediction as a Defense against Adversarial Attacks
We propose the MultIVAP, a scalable technique for hedging the predictions of any machine learning classifier. The algorithm incurs only a modest computational overhead and significantly increases the robustness of the underlying model to adversarial perturbations without sacrificing accuracy. This increase in robustness is confirmed experimentally against defense-oblivious attacks (attacks that target the underlying classifier with no knowledge of the defense) as well as against a white-box attack specifically designed for the MultIVAP.
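To make the notion of a "hedged" prediction concrete, the following is an added illustration, not the MultIVAP code from the paper: it implements the standard binary inductive Venn-ABERS predictor (IVAP), the calibration method that "multi-probabilistic prediction" refers to and that the name MultIVAP is assumed here to build on. For a test score s the calibration set is augmented once with the hypothesized label 0 and once with 1; an isotonic regression on each augmented set yields two probabilities p0 <= p1. The interval [p0, p1] is the hedged prediction, and its width is a direct measure of how little the calibration data support a confident probability at s. The calibration scores, labels and the width threshold are constructed for the example.

```python
"""Inductive Venn-ABERS predictor (IVAP) for a binary scoring classifier.

Added illustration, not the MultIVAP implementation from the paper.  The
multiclass extension the paper describes is not reproduced here.
"""
from typing import Dict, List, Optional, Tuple


def isotonic_fit(points: List[Tuple[float, int]]) -> Dict[float, float]:
    """Weighted pool-adjacent-violators (PAVA) isotonic regression.

    Takes (score, label) pairs and returns, for every distinct score, the
    fitted non-decreasing probability.  Tied scores are merged first, since
    isotonic regression must assign equal scores the same fitted value.
    """
    agg: Dict[float, Tuple[float, int]] = {}
    for s, y in points:
        tot, n = agg.get(s, (0.0, 0))
        agg[s] = (tot + y, n + 1)

    # Each block holds [scores, sum of labels, weight]; the block mean is
    # sum / weight.  Sums and weights are kept separately so the arithmetic
    # on 0/1 labels stays exact until the final division.
    blocks: List[list] = []
    for s in sorted(agg):
        tot, n = agg[s]
        blocks.append([[s], tot, n])
        # Pool while the previous block's mean exceeds the new block's mean
        # (compared as cross-products to avoid intermediate rounding).
        while len(blocks) >= 2 and blocks[-2][1] * blocks[-1][2] > blocks[-1][1] * blocks[-2][2]:
            last = blocks.pop()
            prev = blocks[-1]
            prev[0].extend(last[0])
            prev[1] += last[1]
            prev[2] += last[2]

    fitted: Dict[float, float] = {}
    for scores, tot, n in blocks:
        for s in scores:
            fitted[s] = tot / n
    return fitted


def venn_abers(calibration: List[Tuple[float, int]], s: float) -> Tuple[float, float]:
    """Hedged prediction for score s: the pair (p0, p1) with p0 <= p1.

    p0 is the isotonic probability at s when s is assumed to be negative,
    p1 when it is assumed to be positive.  The two are the "multiple
    probabilities" of a Venn predictor in the binary case.
    """
    p0 = isotonic_fit(calibration + [(s, 0)])[s]
    p1 = isotonic_fit(calibration + [(s, 1)])[s]
    return p0, p1


def hedged_label(calibration: List[Tuple[float, int]], s: float,
                 max_width: float) -> Optional[int]:
    """Return 0/1, or None (abstain) when the interval is wider than max_width.

    An input pushed towards the decision boundary, as an adversarial
    perturbation typically does, lands where the calibration evidence is
    thin and the interval is wide, so the predictor refuses to commit.
    The point prediction p1 / (1 - p0 + p1) is the usual IVAP collapse of
    the interval to a single probability.
    """
    p0, p1 = venn_abers(calibration, s)
    if p1 - p0 > max_width:
        return None
    p = p1 / (1.0 - p0 + p1)
    return int(p >= 0.5)


# Constructed calibration set: classifier scores in [0, 1] with their true
# labels.  Scores below 0.5 are negatives, above 0.5 positives.
CALIBRATION: List[Tuple[float, int]] = [
    (0.1, 0), (0.2, 0), (0.3, 0), (0.4, 0),
    (0.6, 1), (0.7, 1), (0.8, 1), (0.9, 1),
]
MAX_WIDTH = 0.25  # constructed abstention threshold on p1 - p0


if __name__ == "__main__":
    for s in (0.05, 0.5, 0.95):
        p0, p1 = venn_abers(CALIBRATION, s)
        print(f"score={s:.2f}  interval=[{p0:.2f}, {p1:.2f}]  "
              f"decision={hedged_label(CALIBRATION, s, MAX_WIDTH)}")
```

With the constructed data, a score of 0.05 yields the interval [0.00, 0.20] and a score of 0.95 yields [0.80, 1.00], both narrow enough to commit to a label, while a score of 0.5 at the boundary yields the maximally hedged interval [0.00, 1.00] and the predictor abstains. The abstention rate on clean data is the price paid for refusing to be confident exactly where a small perturbation has the most leverage.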
Jonathan Peck received the B.Sc. degree in Computer Science and the M.Sc. degree in Mathematical Informatics from Ghent University, Belgium, in 2015 and 2017, respectively. He is currently pursuing a Ph.D. at Ghent University, supported by a fellowship of the Research Foundation Flanders (FWO). His research focuses on improving the robustness of machine learning models to adversarial manipulation.