Analysing the Adversarial Landscape of Binary Stochastic Networks

Yi Xiang Marcus Tan, Yuval Elovici, Alex, er Binder

Information Science and Applications: Proceedings of ICISA 2020, 143-155, 2021

We investigate the robustness of stochastic ANNs to adversarial attacks. We perform experiments on three known datasets. Our experiments reveal similar susceptibility of stochastic ANNs compared to conventional ANNs when confronted with simple iterative gradient-based attacks in the white-box settings. We observe, however, that in black-box settings, SANNs are more robust than conventional ANNs against boundary and surrogate attacks. Consequently, we propose improved attacks against stochastic ANNs. In the first step, we show that using stochastic networks as surrogates outperforms deterministic ones, when performing surrogate-based black-box attacks. In order to further boost adversarial success rates, we propose in a second step the novel Variance Mimicking (VM) surrogate training, and validate its improved performance.