Biological Neural Networks as Defense against Adversarial Attacks
Abstract:
In recent years, interpretability has received growing attention in the machine learning field. The best-known area in which the interpretability of a neural network is needed is that of cyber-security. The first paper to expose the potential issue is by Szegedy et al. (2014), in “Intriguing properties of neural networks”, in which it is shown how an image, if altered in the right way, can be completely misclassified by a network trained to classify images.
In this thesis I propose a new method based on a hybrid network, i.e. half biological and half artificial, in order to develop a neural network that shows adversarial robustness, capable of resisting many different adversarial attacks. The biological part is based on Hebbian and anti-Hebbian neural dynamics, while the artificial one is based on specialized neurons and probability.