Dropout in Testing Phase Makes Adversarial Samples Generation Difficult
Abstract— Deep neural network (DNN) brings the rapid development of pattern recognition algorithm. However, experiments show the vulnerability of deep neural network. This paper studied the problem of generating adversarial samples when we adopt dropout in testing phase. Based on MNIST database, we test four adversarial generation algorithms, two types of adversarial samples, and dropout in different layers of DNN. Several conclusions are obtained: (1) Dropout in testing phase makes DNN more robust with tiny performance loss. (2) Dropout in fully connected layer is the most efficient manner to improve the robustness of DNN. (3) Dropout has different impact on different adversarial samples generation algorithms.
Index Terms— Deep learning, Deep neural network, Dropout, Adversarial sample
Yuan Wang, Zhiming Wang, Xucheng Yin, Chao Zhu
School of Computer and Communication Engineering, University of Science and Technology Beijing, CHINA
Cite: Yuan Wang, Zhiming Wang, Xucheng Yin, Chao Zhu, "Dropout in Testing Phase Makes Adversarial Samples Generation Difficult," Proceedings of 2019 the 9th International Workshop on Computer Science and Engineering, pp. 117-123, Hong Kong, 15-17 June, 2019.