Comparing Speed Reduction of Adversarial Defense Systems on Deep Neural Networks

In the field of Adversarial Machine Learning, several defense systems are employed to protect machine learning systems from data poisoning attacks, where the training or testing data is altered to invalidate the prediction model created by the system. Although many defense systems have been proposed to combat poisoning attacks, comparisons between the effectiveness and performance cost of these defense systems are few. To address this issue, the NULL label and Adversarial Training methods were implemented to protect a machine learning system against various amounts of data poisoning. The NULL Label proved to not only provide better defense on average, but also did not affect performance as much as Adversarial Training. Although no trade-off between performance and accuracy was detected in the experiment, this work will hopefully provide a framework for future experimentation into this matter.