Late Breaking Results: Fortifying Neural Networks: Safeguarding Against Adversarial Attacks with Stochastic Computing

Faeze S. Banitaba, Sercan Aygun, M. Hassan Najafi

TL;DR

This work addresses the vulnerability of neural networks to adversarial examples by introducing stochastic computing as a defense mechanism during inference. By relocating key computations to the stochastic domain—especially in the first convolutional layer—and performing bit-stream multiplications with quasi-random Sobol sequences, the approach preserves training while enhancing robustness against manipulated inputs. Experimental results on LeNet-5 (MNIST) and ResNet-20 (CIFAR-10) show substantial improvements under a white-box $L_2$ attack, with accuracy recovering from near-zero under attack to as high as ~79–85% depending on the bit-stream length $N$. The findings suggest SC-enabled architectures can deliver secure, reliable AI performance in adversarial settings without requiring attacker data-blocking or retraining, with broad applicability to both simple and deep networks.
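The bit-stream multiplication with Sobol sequences mentioned above, as an added Python illustration that is not code from the paper: each value in [0, 1] becomes an N-bit stream whose 1-density encodes it, and an AND gate on two streams multiplies them. The two-dimension Sobol generator and the `independent` flag are assumptions of this example, used to show why the two operands must be driven by distinct Sobol dimensions.

```python
"""Stochastic-computing (SC) multiplication on Sobol-driven bit-streams.

Added illustration, not code from the paper. Direction numbers are the standard
Sobol ones for dimension 1 (van der Corput, base 2) and dimension 2 (polynomial x+1).
"""
from typing import List

BITS = 32  # generator resolution; stream length N may be any power of two <= 2**BITS


def sobol_direction_numbers(dim: int, bits: int = BITS) -> List[int]:
    """Direction numbers v_i for Sobol dimension 1 or 2, as `bits`-bit fixed point."""
    if dim == 1:
        m = [1] * bits                     # van der Corput: m_i = 1 for all i
    elif dim == 2:
        m = [1]                            # polynomial x + 1, initial m_1 = 1
        for _ in range(1, bits):
            m.append((2 * m[-1]) ^ m[-1])  # recurrence for a degree-1 polynomial
    else:
        raise ValueError("only Sobol dimensions 1 and 2 are tabulated here")
    return [m[i] << (bits - 1 - i) for i in range(bits)]  # v_i = m_i / 2**i


def sobol_point(n: int, v: List[int], bits: int = BITS) -> float:
    """n-th Sobol number in [0, 1): XOR of the direction numbers picked by n's bits."""
    x, i = 0, 0
    while n:
        if n & 1:
            x ^= v[i]
        n, i = n >> 1, i + 1
    return x / (1 << bits)


def to_bitstream(x: float, n: int, dim: int) -> List[int]:
    """Unipolar SC encoding of x in [0, 1]: bit k is 1 iff the k-th Sobol number < x.
    The first 2**k Sobol numbers are exactly {j / 2**k}, so for N a power of two the
    1-density is x rounded up to a multiple of 1/N, with no random fluctuation."""
    v = sobol_direction_numbers(dim)
    return [1 if sobol_point(k, v) < x else 0 for k in range(n)]


def sc_multiply(x: float, y: float, n: int, independent: bool = True) -> float:
    """AND two bit-streams and read the result back as a 1-density.
    Operands on different Sobol dimensions give uncorrelated streams and AND ~ x*y;
    reusing one dimension makes them fully correlated and the gate yields min(x, y)."""
    sx = to_bitstream(x, n, 1)
    sy = to_bitstream(y, n, 2 if independent else 1)
    return sum(a & b for a, b in zip(sx, sy)) / n
```

Because the first N Sobol numbers tile [0, 1) evenly, the product is exact for operands that are multiples of 1/N, which is why the paper's accuracy depends on the bit-stream length N.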

Abstract

In neural network (NN) security, safeguarding model integrity and resilience against adversarial attacks has become paramount. This study investigates the application of stochastic computing (SC) as a novel mechanism to fortify NN models. The primary objective is to assess the efficacy of SC to mitigate the deleterious impact of attacks on NN results. Through a series of rigorous experiments and evaluations, we explore the resilience of NNs employing SC when subjected to adversarial attacks. Our findings reveal that SC introduces a robust layer of defense, significantly reducing the susceptibility of networks to attack-induced alterations in their outcomes. This research contributes novel insights into the development of more secure and reliable NN systems, essential for applications in sensitive domains where data integrity is of utmost concern.

Paper Structure (7 sections, 1 figure, 2 tables)

Figures (1)

  • Figure 1: Proposed robust NN setup for LeNet-5 model; the first convolution layer is equipped with our model, transitioning data to the stochastic domain, followed by SC multiplications.