A random deep feature selection approach to mitigate transferable adversarial attacks

Ehsan Nowroozi*, Mohammadreza Mohammadi, Ahmad Rahdari, Rahim Taheri, Mauro Conti

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review


Abstract

Machine learning and deep learning are transformative forces reshaping our networks, industries, services, and ways of life. However, the susceptibility of these intelligent systems to adversarial attacks remains a significant issue. On the one hand, recent studies have demonstrated the potential transferability of adversarial attacks across diverse models. On the other hand, existing defense mechanisms are vulnerable to advanced attacks or are often limited to certain attack types. This study proposes a random deep feature selection approach to mitigate such transferability and improve the robustness of models against adversarial manipulations. Our approach is designed to strengthen deep models against poisoning (e.g., label flipping) and exploratory (e.g., DeepFool, BIM, FGSM, I-FGSM, L-BFGS, C&W, JSMA, and PGD) attacks that are applied in both the training and testing stages, as well as transfer-learning-based adversarial attacks. We consider scenarios involving perfect and semi-knowledgeable attackers. The performance of our approach is evaluated through extensive experiments on the renowned UNSW-NB15 dataset, including both real-world and synthetic data, covering a wide range of modern attack behaviors and benign activities. The results indicate that our approach boosts the effectiveness of the target network to over 80% against label-flipping poisoning attacks and over 60% against all major types of exploratory attacks.
Original language: English
Journal: IEEE Transactions on Network and Service Management
Early online date: 30 Jul 2025
DOIs
Publication status: Early online - 30 Jul 2025

Keywords

  • Adversarial machine learning
  • poisoning attacks
  • backdoor attacks
  • exploratory attacks
  • transferability
  • deep learning
  • network security
