Stochastic Neural Networks (SNNs) that inject noise into their hidden layers have recently been shown to achieve strong robustness against adversarial attacks. However, existing SNNs are usually heuristically motivated, and further rely on adversarial training, which is computationally costly and biases models' defense towards a specific attack. We propose a new SNN that achieves state-of-the-art performance without relying on adversarial training, and enjoys solid theoretical justification. Specifically, while existing SNNs inject learned or hand-tuned isotropic noise, our SNN learns an anisotropic noise distribution to optimize a learning-theoretic bound on adversarial robustness. We evaluate our method on three benchmarks (CIFAR-10, SVHN, F-MNIST), show that it can be applied to different architectures (ResNet-18, LeNet++), and that it provides robustness to a variety of white-box and black-box attacks, while being simple and fast to train compared to existing alternatives. The source code is openly available on GitHub: https://github.com/peustr/A2SNN.

本文提出一种新的随机神经网络，学习一种非同向噪声分布并优化学习理论上的鲁棒性，从而实现对各种白盒和黑盒攻击的强鲁棒性，相较于现有替代方案更为简单且训练速度更快。

对抗鲁棒神经网络的权重-协方差对齐