Abstract
Neural networks such as deep and convolutional neural networks are very good at learning patterns in data and applying that knowledge in real time, particularly in domains such as location-based services. Still, they fail to protect themselves from adversarial attacks.
Adversarial attacks, including the Momentum Iterative Method (MIM), Projected Gradient Descent (PGD), and the Fast Gradient Sign Method (FGSM), are well known to fool neural networks by adding perturbations to the original data. We focus on the training and defense of models against adversarial attacks in indoor localization and floor classification applications, as predicting inaccurate location coordinates may be disastrous. We introduce and implement Neural Structured Learning, which uses adversarial samples to bind the model to the data so that the model is less vulnerable to adversarial attacks.
We perform adversarial training on the DNN model. The adversarially trained DNN model then faces the three white-box attack methods mentioned above, and its performance is measured. For comparison with the DNN model, we then implement TensorFlow's Neural Structured Learning (NSL) model. The NSL model is trained with the original data and with adversarial data separately. Both NSL models face the same attacks as the DNN model for a fair comparison.
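As an added illustration (not code from this paper), the three perturbation methods named above can be written as a robustness check against a small fixed logistic classifier. The weights, the sample input, the step size, the momentum factor and the budgets are constructed assumptions. On a linear model like this one all three methods reach the same corner of the epsilon-ball; they diverge only on deep, non-linear networks.

```python
import math

# Constructed toy model: logistic "floor A vs floor B" classifier over three
# normalised signal-strength features. Weights are made up for illustration.
W, B = [1.0, -2.0, 0.5], 0.0

def prob(x):
    """P(label = 1 | x) under the fixed logistic model."""
    return 1.0 / (1.0 + math.exp(-(sum(w * v for w, v in zip(W, x)) + B)))

def grad_x(x, y):
    """Gradient of the cross-entropy loss with respect to the input x."""
    return [(prob(x) - y) * w for w in W]

def sign(v):
    return (v > 0) - (v < 0)

def clip(x_adv, x, eps):
    """Project x_adv back into the L-infinity ball of radius eps around x."""
    return [min(max(a, o - eps), o + eps) for a, o in zip(x_adv, x)]

def fgsm(x, y, eps):
    """Single step of size eps along the sign of the input gradient."""
    return [v + eps * sign(g) for v, g in zip(x, grad_x(x, y))]

def pgd(x, y, eps, alpha=0.1, steps=10):
    """Repeated small sign-gradient steps, projected after each one."""
    adv = list(x)
    for _ in range(steps):
        adv = clip([v + alpha * sign(g) for v, g in zip(adv, grad_x(adv, y))], x, eps)
    return adv

def mim(x, y, eps, alpha=0.1, steps=10, mu=1.0):
    """PGD-style loop that steps along an accumulated (momentum) gradient."""
    adv, m = list(x), [0.0] * len(x)
    for _ in range(steps):
        g = grad_x(adv, y)
        norm = sum(abs(v) for v in g) or 1.0
        m = [mu * mv + gv / norm for mv, gv in zip(m, g)]
        adv = clip([v + alpha * sign(mv) for v, mv in zip(adv, m)], x, eps)
    return adv

def robustness_report(x, y, eps):
    """Does the model still predict y after each perturbation of budget eps?"""
    attacks = {"FGSM": fgsm, "PGD": pgd, "MIM": mim}
    return {name: (prob(f(x, y, eps)) > 0.5) == bool(y) for name, f in attacks.items()}

SAMPLE, LABEL = [0.5, -0.25, 1.0], 1   # constructed input, clean logit = 1.5
```

Calling `robustness_report(SAMPLE, LABEL, eps)` for increasing `eps` shows the budget at which the prediction stops holding, which is the quantity a defense such as adversarial training aims to raise.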