An Ensemble Learning-Based Cooperative Defensive Architecture Against Adversarial Attacks
Journal of Circuits, Systems and Computers (IF 1.5), Pub Date: 2020-06-04, DOI: 10.1142/s0218126621500250
Tian Liu 1, 2 , Yunfei Song 1 , Ming Hu 1 , Jun Xia 1 , Jianning Zhang 1 , Mingsong Chen 1

Since Deep Neural Networks (DNNs) have been more and more widely used in safety-critical Intelligent System (IS) applications, the robustness of DNNs becomes a great concern in IS design. Due to the vulnerability of DNN models, adversarial examples generated by malicious attacks may result in disasters. Although there are plenty of defense methods for these adversarial attacks, existing methods can only resist special adversarial attacks. Meanwhile, the accuracy of existing methods degrades dramatically when they process natural examples. To address this problem, we propose an effective Cooperative Defensive Architecture (CDA) that can enhance the robustness of IS devices by integrating heterogeneous base classifiers. Because of the parallel mechanism in ensemble learning, the compressed heterogeneous base classifiers do not increase the prediction time on the device. Comprehensive experimental results show that the DNNs modified by our approach can not only resist adversarial examples more effectively than the original model, but also achieve a high accuracy when they process natural examples.

Updated: 2020-06-04