Modelling the Uncertainty of a Deep Neural Network Enhances its Adversarial Robustness

摘要: Deep Neural Networks (DNNs) have achieved state-of-the-art performance in several applications, whereas they are extremely vulnerable to adversarial perturbations of inputs. This work first investigates bounds on the misclassification error as a funcion of the goodness of the fit and the uncertainty of the classifier. Then, these bounds are used to define a novel loss function based on the conditional entropy and the Rényi divergence. Our empirical studies, on MNIST, CIFAR-10 and SVHN datasets, show that, with no further modifications, the proposed loss leads to a significant enhancement in the robustness of DNNs to adversarial examples with respect to the standard categorical cross-entropy.