The art of defense: letting networks fool the attacker

Some deep neural networks are invariant to some input transformations, such as Pointnet is permutation invariant to the input point cloud. In this paper, we demonstrated this property could be powerful in defense of gradient-based attacks. Specifically, we apply random input transformation which is invariant to the networks we want to defend. Extensive experiments demonstrate that the proposed scheme defeats various gradient-based attackers in the targeted attack setting, and breaking the attack accuracy into nearly zero. Our code is available at: {\footnotesize{\url{https://github.com/cuge1995/IT-Defense}}}

Improve Generalization and Robustness of Neural Networks via Weight Scale Shifting Invariant Regularizations

Using weight decay to penalize the L2 norms of weights in neural networks has been a standard training practice to regularize the complexity of networks. In this paper, we show that a family of regularizers, including weight decay, is ineffective at penalizing the intrinsic norms of weights for networks with positively homogeneous activation functions, such as linear, ReLU and max-pooling functions. As a result of homogeneity, functions specified by the networks are invariant to the shifting of weight scales between layers. The ineffective regularizers are sensitive to such shifting and thus poorly regularize the model capacity, leading to overfitting. To address this shortcoming, we propose an improved regularizer that is invariant to weight scale shifting and thus effectively constrains the intrinsic norm of a neural network. The derived regularizer is an upper bound for the input gradient of the network so minimizing the improved regularizer also benefits the adversarial robustness. Residual connections are also considered and we show that our regularizer also forms an upper bound to input gradients of such a residual network. We demonstrate the efficacy of our proposed regularizer on various datasets and neural network architectures at improving generalization and adversarial robustness.Comment: 14 pages, 5 figure

Cognitive Grasping System: A Grasping Solution for Industrial Robotic Manipulation using Convolutional Neural Network

Abstract In the modern era, object grasping has thousands of use cases across industries and loads of manual effort is devoted to repetitive tasks. Automating this task is important and the use of robots with embedded artificial intelligence is the key for improving grasping operations. Over the years many researches have been working on object grasping to make this operation as flexible as possible. Starting from the latest results of the use of Convolutional Neural Network, the proposed work aims at optimizing the results of the grasping tasks to make it reliable for an industrial use. Limitations are analyzed and new parameters are defined in order to make the manipulation task repeatable in terms of robot grasp position. In fact, in an automated production line, this is an important problem to consider because in many situations the object has to be positioned always in the same position with the same orientation