Enhancing Adversarial Robustness via Stochastic Robust Framework

Despite deep neural networks (DNNs) have attained remarkable success in image classification, the vulnerability of DNNs to adversarial attacks poses significant security risks to their reliability. The design of robust modules in adversarial defense often focuses excessively on individual layers of the model architecture, overlooking the important inter-module facilitation. To this issue, this paper proposes a novel stochastic robust framework that employs the Random Local winner take all module and the random Normalization Aggregation module (RLNA). RLNA designs a random competitive selection mechanism to filter out outputs with high confidence in the classification. This filtering process improves the model's robustness against adversarial attacks. Moreover, we employ a novel balance strategy in adversarial training (AT) to optimize the trade-off between robust accuracy and natural accuracy. Empirical evidence demonstrates that RLNA achieves state-of-the-art robustness accuracy against powerful adversarial attacks on two benchmarking datasets, CIFAR-10 and CIFAR-100. Compared to the method that focuses on individual network layers, RLNA achieves a remarkable 24.78% improvement in robust accuracy on CIFAR-10.