ARGAN: Adversarially Robust Generative Adversarial Networks for Deep Neural Networks Against Adversarial Examples

An adversarial example, which is an input instance with small, intentional feature perturbations to machine learning models, represents a concrete problem in Artificial intelligence safety. As an emerging defense method to defend against adversarial examples, generative adversarial networks-based defense methods have recently been studied. However, the performance of the state-of-the-art generative adversarial networks-based defense methods is limited because the target deep neural network models with generative adversarial networks-based defense methods are robust against <italic>adversarial examples</italic> but make a false decision for <italic>legitimate input data</italic>. To solve the accuracy degradation of the generative adversarial networks-based defense methods for <italic>legitimate input data</italic>, we propose a new generative adversarial networks-based defense method, which is called Adversarially Robust Generative Adversarial Networks(ARGAN). While converting input data to machine learning models using the two-step transformation architecture, ARGAN learns the generator model to reflect the vulnerability of the target deep neural network model against adversarial examples and optimizes parameter values of the generator model for a joint loss function. From the experimental results under various datasets collected from diverse applications, we show that the accuracy of ARGAN for <italic>legitimate input data</italic> is good-enough while keeping the target deep neural network model robust against <italic>adversarial examples</italic>. We also show that the accuracy of ARGAN outperforms the accuracy of the state-of-the-art generative adversarial networks-based defense methods.