Adversarial robust decision-making under uncertainty learning and dynamic ensemble selection

As the adversarial robustness research of deep neural networks has struggled in attack and defense games with static defense methodology, scholars have introduced the dynamic idea of the systems control to changeover the passive defense position though adapting decision-making. According to the different levels at which dynamism acts on neural networks, dynamic defense methods can be mainly divided into two categories: dynamic feedback control based on input level and uncertainty estimation detection based on decision level. Although both methods aim to hinder the success of the attacker, they cannot achieve the perfect conditions for constructing black box attacks because they ignore the positive role of dynamics in defense at the model level. Inspired by conventional ensemble selection technology in machine learning that treats different models as mutable objects for improving accuracy in uncertain data, this work investigates the robustness issue from a new dynamic aspect: model-level dynamic defense, whether the dynamic attributes depend on input or decision. Specifically, the Dirichlet prior combined with diversity constraint is imposed on the ensemble parameter in training phase to construct select criterion and candidate sub-models. Therefore, the final prediction of ensemble can be strategically selected though the rank of different sub-models’ uncertainty value for robust decision-making in the test phase. The experimental results indicate the comprehensive promotion of robustness (at least 4.17% in black-box attack conditions and at least 1.78% in the case of high-disturbance white-box attack budge) of the proposed method compared with common dynamic and static defense methods.