Polarizing Front Ends For Robust Cnns

The vulnerability of deep neural networks to small, adversarially designed perturbations can be attributed to their “excessive linearity.” In this paper, we propose a bottom-up strategy for attenuating adversarial perturbations using a nonlinear front end which polarizes and quantizes the data. We observe that ideal polarization can be utilized to completely eliminate perturbations, develop algorithms to learn approximately polarizing bases for data, and investigate the effectiveness of the proposed strategy on the MNIST and Fashion MNIST datasets.