Jia Yifan,Poskitt Christopher M.,Zhang Peixin,Wang Jingyi,Sun Jun,Chattopadhyay Sudipta

DOI: https://doi.org/10.1109/lra.2023.3327934

2023-01-01

Abstract:AI-enabled collaborative robots are designed to be used in close collaboration with humans, thus requiring stringent safety standards and quick response times. Adversarial attacks pose a significant threat to the deep learning models of these systems, making it crucial to develop methods to improve the models' robustness against them. Adversarial training is one approach to improve their robustness: it works by augmenting the training data with adversarial examples. This, unfortunately, comes with the cost of increased computational overhead and extended training times. In this work, we balance the need for additional adversarial data with the goal of minimizing the training costs by selecting the most ‘valuable’ data for adversarial training. In particular, we propose a robustness-oriented boundary data selection method, RAST-AT, which stands for robust and fast adversarial training. RAST-AT selects training data near to the boundary by considering adversarial perturbations. Our method improves the speed of model training on CIFAR-10 by 68.67%, and compared to other data selection methods, has 10% higher accuracy with 10% training data selected, and 7% higher robustness with 4% training data selected. Our method also significantly improves efficiency by at least 25% in adversarial training, with the same performance. Finally, we evaluate our method on a cobot system, generating adversarial patches as attacks, and adopting RAST-AT as the defense. We find that RAST-AT can defend against 60% of untargeted attacks and 20% of targeted attacks. Our work highlights the benefits of developing effective defenses against adversarial attacks to ensure the security and reliability of AI-powered safety-critical systems.

Xingbin Liu,Huafeng Kuang,Xianming Lin,Yongjian Wu,Rongrong Ji

DOI: https://doi.org/10.48550/arxiv.2303.14922

2023-01-01

Abstract:Adversarial training can improve the robustness of neural networks. Previous methods focus on a single adversarial training strategy and do not consider the model property trained by different strategies. By revisiting the previous methods, we find different adversarial training methods have distinct robustness for sample instances. For example, a sample instance can be correctly classified by a model trained using standard adversarial training (AT) but not by a model trained using TRADES, and vice versa. Based on this observation, we propose a collaborative adversarial training framework to improve the robustness of neural networks. Specifically, we use different adversarial training methods to train robust models and let models interact with their knowledge during the training process. Collaborative Adversarial Training (CAT) can improve both robustness and accuracy. Extensive experiments on various networks and datasets validate the effectiveness of our method. CAT achieves state-of-the-art adversarial robustness without using any additional data on CIFAR-10 under the Auto-Attack benchmark. Code is available at https://github.com/liuxingbin/CAT.

Xingbin Liu,Huafeng Kuang,Xianming Lin,Yongjian Wu,Rongrong Ji

DOI: https://doi.org/10.48550/arXiv.2303.14922

2023-03-27

Abstract:Adversarial training can improve the robustness of neural networks. Previous methods focus on a single adversarial training strategy and do not consider the model property trained by different strategies. By revisiting the previous methods, we find different adversarial training methods have distinct robustness for sample instances. For example, a sample instance can be correctly classified by a model trained using standard adversarial training (AT) but not by a model trained using TRADES, and vice versa. Based on this observation, we propose a collaborative adversarial training framework to improve the robustness of neural networks. Specifically, we use different adversarial training methods to train robust models and let models interact with their knowledge during the training process. Collaborative Adversarial Training (CAT) can improve both robustness and accuracy. Extensive experiments on various networks and datasets validate the effectiveness of our method. CAT achieves state-of-the-art adversarial robustness without using any additional data on CIFAR-10 under the Auto-Attack benchmark. Code is available at <a class="link-external link-https" href="https://github.com/liuxingbin/CAT" rel="external noopener nofollow">this https URL</a>.

Computer Vision and Pattern Recognition

Junjie Wu,Dit-Yan Yeung

2023-07-04

Abstract:Despite their promising performance across various natural language processing (NLP) tasks, current NLP systems are vulnerable to textual adversarial attacks. To defend against these attacks, most existing methods apply adversarial training by incorporating adversarial examples. However, these methods have to rely on ground-truth labels to generate adversarial examples, rendering it impractical for large-scale model pre-training which is commonly used nowadays for NLP and many other tasks. In this paper, we propose a novel learning framework called SCAT (Self-supervised Contrastive Learning via Adversarial Training), which can learn robust representations without requiring labeled data. Specifically, SCAT modifies random augmentations of the data in a fully labelfree manner to generate adversarial examples. Adversarial training is achieved by minimizing the contrastive loss between the augmentations and their adversarial counterparts. We evaluate SCAT on two text classification datasets using two state-of-the-art attack schemes proposed recently. Our results show that SCAT can not only train robust language models from scratch, but it can also significantly improve the robustness of existing pre-trained language models. Moreover, to demonstrate its flexibility, we show that SCAT can also be combined with supervised adversarial training to further enhance model robustness.

Computation and Language

Jing Lin,Laurent L. Njilla,Kaiqi Xiong

DOI: https://doi.org/10.1109/icc40277.2020.9149002

2020-01-01

Abstract:Though the performance of deep learning is remarkable, recent works have shown that deep learning models are vulnerable to adversarial samples that are close to their original samples to human eyes but misclassified by Deep Neural Network (DNN). This is a serious problem as many deep learning models are used in physical infrastructures and critical application domains such as medical diagnosis, self-driving cars, malware detection, as well as digital assistants like Google Assistant, Alexa, and Siri. Many researchers have attempted to secure neural networks through techniques such as defensive distillation and adversarial retraining. Nevertheless, many of these techniques are ineffective to new or slightly strong adversarial attacks such as the Carlini and Wagner (C&W)’s attack. In this paper, we propose a robust adversarial retraining method to iteratively retrain a given model so that it can not only detect the adversarial examples but also maintain the prediction accuracy for the normal dataset. Our experimental results show that the prediction accuracy on the MNIST test set is maintained while the accuracies under FGSM, C&W, and DeepFool attacks increase from 29% to 91%, 7% to 70%, and 29% to 91%, respectively.

Minhao Cheng,Qi Lei,Pin-Yu Chen,Inderjit Dhillon,Cho-Jui Hsieh

DOI: https://doi.org/10.48550/arXiv.2002.06789

2020-02-17

Abstract:Adversarial training has become one of the most effective methods for improving robustness of neural networks. However, it often suffers from poor generalization on both clean and perturbed data. In this paper, we propose a new algorithm, named Customized Adversarial Training (CAT), which adaptively customizes the perturbation level and the corresponding label for each training sample in adversarial training. We show that the proposed algorithm achieves better clean and robust accuracy than previous adversarial training methods through extensive experiments.

Machine Learning

Mingyuan Fan,Yang Liu,Wenzhong Guo,Ximeng Liu,Jianhua Li

DOI: https://doi.org/10.48550/arxiv.2204.09398

2022-01-01

Abstract: The neural network (NN) becomes one of the most heated type of models in various signal processing applications. However, NNs are extremely vulnerable to adversarial examples (AEs). To defend AEs, adversarial training (AT) is believed to be the most effective method while due to the intensive computation, AT is limited to be applied in most applications. In this paper, to resolve the problem, we design a generic and efficient AT improvement scheme, namely case-aware adversarial training (CAT). Specifically, the intuition stems from the fact that a very limited part of informative samples can contribute to most of model performance. Alternatively, if only the most informative AEs are used in AT, we can lower the computation complexity of AT significantly as maintaining the defense effect. To achieve this, CAT achieves two breakthroughs. First, a method to estimate the information degree of adversarial examples is proposed for AE filtering. Second, to further enrich the information that the NN can obtain from AEs, CAT involves a weight estimation and class-level balancing based sampling strategy to increase the diversity of AT at each iteration. Extensive experiments show that CAT is faster than vanilla AT by up to 3x while achieving competitive defense effect.

Xuanwei Lin,Ximeng Liu,Bijia Chen,Yuyang Wang,Chen Dong,Pengzhen Hu

DOI: https://doi.org/10.1109/jiot.2023.3300300

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Active learning (AL) tries to maximize the model’s performance when the labeled dataset is limited, and the annotation cost is high. Although it can be efficiently implemented in deep neural networks (DNNs), it is questionable whether the model can maintain the ability to generalize well when there are significant distributional deviations between the labeled and unlabeled datasets. In this paper, we consider introducing adversarial training and adversarial samples into active learning to mitigate the problem of degraded generalization performance due to different data distributions. In particular, our proposed adversarial training active learning (ATAL) has two advantages, and one is that adversarial training by different networks enables the network to have better prediction performance and robustness with limited labeled samples. And the other is that the adversarial samples generated by the adversarial training can effectively expand the labeled dataset so that the designed query function can efficiently select the most informative unlabeled samples based on the expanded labeled dataset. Extensive experiments have been performed to verify the feasibility and efficiency of our proposed method, i.e., CIFAR-10 demonstrates the effectiveness of our method — new state-of-the-art robustness and accuracy are achieved.

Bingbing Song,Ruxin Wang,Song Gao,Yunyun Dong,Ling Liu,Wei Zhou

DOI: https://doi.org/10.1109/tsc.2023.3286583

IF: 11.019

2023-01-01

IEEE Transactions on Services Computing

Abstract:Most cloud providers offer Deep Learning as a Service (DLaaS) for different business, science and engineering domains. However, it is known that deep neural networks (DNNs) are vulnerable to adversarial examples, which can cause well-trained DNN models to misbehave by injecting human-imperceptible perturbations to the query input data. Securing deep learning as a service becomes a critical challenge in mitigating such adversarial input perturbations, and enhancing the robustness of DNNs. In this article, we report two important facts: First, most adversarial perturbations are high frequency signals or are added to high frequency signals. Second, due to Frequency Principle that neural networks overly pay attention to fit the low frequency signals during training, the models could be easily misled by the high frequency signals of adversarial examples. These facts consequently contribute to the vulnerability of DNNs service in the Cloud. We conjecture that the more robust the neural networks are in learning from high frequency signals, the more resilient these neural networks are against adversarial perturbed examples. We propose a novel method for generating high-frequency-enhanced adversarial examples, which is achieved by a high-pass filter in the frequency domain via Fourier Transform. This method enhances the learning ability for high frequency signals and ameliorates to over-fit useless low frequency signals. In order to improve the robustness of DNNs service under such signal frequency attacks, we propose a multi-modal collaborative adversarial training framework, named as MMCAT, which uses the multi-modal information of the input images for cross-modal collaborative training, delivering excellent extension for effectively learning of multi-modal image information. Extensive experiments show that under strong adaptive frequency attacks, the DNNs service trained with the proposed MMCAT method achieve superior performance and robustness over the state-of-the-art adversarial training approaches.

Lin Li,Michael Spratling

2023-03-27

Abstract:Deep neural networks can be easily fooled into making incorrect predictions through corruption of the input by adversarial perturbations: human-imperceptible artificial noise. So far adversarial training has been the most successful defense against such adversarial attacks. This work focuses on improving adversarial training to boost adversarial robustness. We first analyze, from an instance-wise perspective, how adversarial vulnerability evolves during adversarial training. We find that during training an overall reduction of adversarial loss is achieved by sacrificing a considerable proportion of training samples to be more vulnerable to adversarial attack, which results in an uneven distribution of adversarial vulnerability among data. Such "uneven vulnerability", is prevalent across several popular robust training methods and, more importantly, relates to overfitting in adversarial training. Motivated by this observation, we propose a new adversarial training method: Instance-adaptive Smoothness Enhanced Adversarial Training (ISEAT). It jointly smooths both input and weight loss landscapes in an adaptive, instance-specific, way to enhance robustness more for those samples with higher adversarial vulnerability. Extensive experiments demonstrate the superiority of our method over existing defense methods. Noticeably, our method, when combined with the latest data augmentation and semi-supervised learning techniques, achieves state-of-the-art robustness against $\ell_{\infty}$-norm constrained attacks on CIFAR10 of 59.32% for Wide ResNet34-10 without extra data, and 61.55% for Wide ResNet28-10 with extra data. Code is available at <a class="link-external link-https" href="https://github.com/TreeLLi/Instance-adaptive-Smoothness-Enhanced-AT" rel="external noopener nofollow">this https URL</a>.

Computer Vision and Pattern Recognition,Artificial Intelligence,Machine Learning

Xiaohu Du,Jie Yu,Shasha Li,Zibo Yi,Hai Liu,Jun Ma

DOI: https://doi.org/10.1109/ijcnn52387.2021.9533725

2021-01-01

Abstract:NLP models perform well on many tasks, but they are also easy to be fooled by adversarial examples. A small perturbation can change the output of the deep neural network model. This kind of perturbation is hard to be perceived by humans, especially adversarial examples generated by word-level adversarial attack. Character-level adversarial attack can be defended by grammar detection and word recognition. The existing word-level textual adversarial attacks are based on synonym replacement, so adversarial texts usually have correct grammar and semantics. The defense of word-level adversarial attack is more challenging. In this paper, we propose a framework which is called Robust Adversarial Training (RAT) to defend against word-level adversarial attacks. RAT enhances the model by combining adversarial training and data perturbation during training. Our experiments on two datasets show that the model based on our framework can effectively defend against word-level adversarial attacks. Compared with the existing defense methods, the model trained under RAT has a higher defense success rate on 1000 adversarial examples. In addition, the accuracy of our model on the standard testing set is also better than the existing defense methods, and the accuracy is very close to or even higher than that of the standard model.

Zuming Zhang,Hui Xia,Zi Kang,Rui Zhang,Xiaolong Shi

DOI: https://doi.org/10.1016/j.ins.2024.121420

IF: 8.1

2024-09-03

Information Sciences

Abstract:Adversarial training is one of the most effective adversarial defense methods currently recognized. It enhances the robustness of deep neural network (DNN) classifiers by generating adversarial samples. However, current adversarial training methods cannot effectively trade off the robust accuracy and natural accuracy when training DNN classifiers, and are prone to overfit. To solve these problems, we propose Customized Adversarial Training based on Instance Loss (CATIL), aiming to improve robust accuracy and natural accuracy while alleviating overfitting. We first comprehensively consider the influencing factors of adversarial training and propose the comprehensive customization strategy (CCS), which crafts unique attack strategies for each sample, fine-tunes the classifier's decision boundary, and boosts the robustness of the DNN classifier without compromising its natural accuracy. Second, the loss adjustment strategy (LAS) is designed to update the attack strategy according to the loss value. This increases the fitting difficulty of the DNN classifier and alleviates the overfitting problem. Finally, numerous experiments show that CATIL can effectively enhance robust accuracy and alleviate the overfitting problem without significantly compromising natural accuracy. When evaluating CIFAR-10 on Wide ResNet, CATIL achieves the best performance in both natural and robust accuracy compared to all benchmarks.

computer science, information systems

Lin Jing,Njilla Laurent L.,Xiong Kaiqi

DOI: https://doi.org/10.1186/s13635-021-00125-2

2022-01-01

EURASIP Journal on Information Security

Abstract:Deep neural networks (DNNs) are widely used to handle many difficult tasks, such as image classification and malware detection, and achieve outstanding performance. However, recent studies on adversarial examples, which have maliciously undetectable perturbations added to their original samples that are indistinguishable by human eyes but mislead the machine learning approaches, show that machine learning models are vulnerable to security attacks. Though various adversarial retraining techniques have been developed in the past few years, none of them is scalable. In this paper, we propose a new iterative adversarial retraining approach to robustify the model and to reduce the effectiveness of adversarial inputs on DNN models. The proposed method retrains the model with both Gaussian noise augmentation and adversarial generation techniques for better generalization. Furthermore, the ensemble model is utilized during the testing phase in order to increase the robust test accuracy. The results from our extensive experiments demonstrate that the proposed approach increases the robustness of the DNN model against various adversarial attacks, specifically, fast gradient sign attack, Carlini and Wagner (C&W) attack, Projected Gradient Descent (PGD) attack, and DeepFool attack. To be precise, the robust classifier obtained by our proposed approach can maintain a performance accuracy of 99% on average on the standard test set. Moreover, we empirically evaluate the runtime of two of the most effective adversarial attacks, i.e., C&W attack and BIM attack, to find that the C&W attack can utilize GPU for faster adversarial example generation than the BIM attack can. For this reason, we further develop a parallel implementation of the proposed approach. This parallel implementation makes the proposed approach scalable for large datasets and complex models.

Jiacang Ho,Byung-Gook Lee,Dae-Ki Kang

DOI: https://doi.org/10.1007/s10489-021-02523-y

IF: 5.3

2021-07-21

Applied Intelligence

Abstract:Adversarial examples have proved efficacious in fooling deep neural networks recently. Many researchers have studied this issue of adversarial examples by evaluating neural networks against their attack techniques and increasing the robustness of neural networks with their defense techniques. To the best of our knowledge, adversarial training is one of the most effective defense techniques against the adversarial examples. However, the method is not able to cope with new attacks because it requires attack techniques in the training phase. In this paper, we propose a novel defense technique, Attack-Less Adversarial Training (ALAT) method, which is independent from any attack techniques, thereby is useful in preventing future attacks. Specifically, ALAT regenerates every pixel of an image into different pixel value, which commonly eliminates the majority of the adversarial noises in the adversarial example. This pixel regeneration is useful in defense because the adversarial noises are the core problem that make the neural networks produce high misclassification rate. Our experiment results with several benchmark datasets show that our method not only relieves over-fitting issue during the training of neural networks with a large number of epochs, but also boosts the robustness of the neural network.

computer science, artificial intelligence

Hamid Bostani,Jacopo Cortellazzi,Daniel Arp,Fabio Pierazzi,Veelasha Moonsamy,Lorenzo Cavallaro

2024-12-24

Abstract:Adversarial Training (AT) has been widely applied to harden learning-based classifiers against adversarial evasive attacks. However, its effectiveness in identifying and strengthening vulnerable areas of the model's decision space while maintaining high performance on clean data of malware classifiers remains an under-explored area. In this context, the robustness that AT achieves has often been assessed against unrealistic or weak adversarial attacks, which negatively affect performance on clean data and are arguably no longer threats. Previous work seems to suggest robustness is a task-dependent property of AT. We instead argue it is a more complex problem that requires exploring AT and the intertwined roles played by certain factors within data, feature representations, classifiers, and robust optimization settings, as well as proper evaluation factors, such as the realism of evasion attacks, to gain a true sense of AT's effectiveness. In our paper, we address this gap by systematically exploring the role such factors have in hardening malware classifiers through AT. Contrary to recent prior work, a key observation of our research and extensive experiments confirm the hypotheses that all such factors influence the actual effectiveness of AT, as demonstrated by the varying degrees of success from our empirical analysis. We identify five evaluation pitfalls that affect state-of-the-art studies and summarize our insights in ten takeaways to draw promising research directions toward better understanding the factors' settings under which adversarial training works at best.

Machine Learning,Cryptography and Security

Luoxin Chen,Xinyue Liu,Weitong Ruan,Jianhua Lu

DOI: https://doi.org/10.18653/v1/2020.findings-emnlp.28

2020-01-01

Abstract:Adversarial training (AT) has shown strong regularization effects on deep learning algorithms by introducing small input perturbations to improve model robustness. In language tasks, adversarial training brings word-level robustness by adding input noise, which is beneficial for text classification. However, it lacks sufficient contextual information enhancement and thus is less useful for sequence labelling tasks such as chunking and named entity recognition (NER). To address this limitation, we propose masked adversarial training (MAT) to improve robustness from contextual information in sequence labelling. MAT masks or replaces some words in the sentence when computing adversarial loss from perturbed inputs and consequently enhances model robustness using more context-level information. In our experiments, our method shows significant improvements on accuracy and robustness of sequence labelling. By further incorporating with ELMo embeddings, our model achieves better or comparable results to state-of-the-art on CoNLL 2000 and 2003 benchmarks using much less parameters.

Prashis Raghuwanshi

DOI: https://doi.org/10.29070/q2reyr59

2024-05-01

Journal of Advances and Scholarly Researches in Allied Education

Abstract:This work investigates advanced methods for improving the resilience of machine learning models against adversarial attacks. Ensuring that these models can withstand deliberately crafted inputs—called adversarial examples—has become critical as machine learning expands into high-stakes fields such as computer vision, cybersecurity, and healthcare. The study examines several types of adversarial attacks, including black-box attacks, where the attacker has no direct knowledge of the model, and white-box attacks, where the attacker has complete access to the model. Popular defense strategies, such as the Fast Gradient Sign Method (FGSM), Iterative FGSM (I-FGSM), and the Carlini and Wagner (C&W) attack, are also discussed. The work emphasizes how adversarial learning contributes to creating more resilient models by addressing both theoretical foundations and practical applications. This thorough investigation highlights the strengths and weaknesses of current approaches, as well as the ongoing need for advancements to protect model integrity against evolving threats.

Lirong He,Qingzhong Ai,Xincheng Yang,Yazhou Ren,Qifan Wang,Zenglin Xu

DOI: https://doi.org/10.1016/j.neunet.2023.08.063

IF: 7.8

2023-01-01

Neural Networks

Abstract:Adversarial training is considered one of the most effective methods to improve the adversarial robustness of deep neural networks. Despite the success, it still suffers from unsatisfactory performance and overfitting. Considering the intrinsic mechanism of adversarial training, recent studies adopt the idea of curriculum learning to alleviate overfitting. However, this also introduces new issues, that is, lacking the quantitative criterion for attacks' strength and catastrophic forgetting. To mitigate such issues, we propose the self-paced adversarial training (SPAT), which explicitly builds the learning process of adversarial training based on adversarial examples of the whole dataset. Specifically, our model is first trained with "easy"adversarial examples, and then is continuously enhanced by gradually adding "complex"adversarial examples. This way strengthens the ability to fit "complex"adversarial examples while holding in mind "easy"adversarial samples. To balance adversarial examples between classes, we determine the difficulty of the adversarial examples locally in each class. Notably, this learning paradigm can also be incorporated into other advanced methods for further boosting adversarial robustness. Experimental results show the effectiveness of our proposed model against various attacks on widely-used benchmarks. Especially, on CIFAR100, SPAT provides a boost of 1.7% (relatively 5.4%) in robust accuracy on the PGD10 attack and 3.9% (relatively 7.2%) in natural accuracy for AWP. (c) 2023 Elsevier Ltd. All rights reserved.

Mazda Moayeri,Soheil Feizi

DOI: https://doi.org/10.48550/arXiv.2108.13797

2021-08-31

Abstract:Adversarial robustness of deep models is pivotal in ensuring safe deployment in real world settings, but most modern defenses have narrow scope and expensive costs. In this paper, we propose a self-supervised method to detect adversarial attacks and classify them to their respective threat models, based on a linear model operating on the embeddings from a pre-trained self-supervised encoder. We use a SimCLR encoder in our experiments, since we show the SimCLR embedding distance is a good proxy for human perceptibility, enabling it to encapsulate many threat models at once. We call our method SimCat since it uses SimCLR encoder to catch and categorize various types of adversarial attacks, including L_p and non-L_p evasion attacks, as well as data poisonings. The simple nature of a linear classifier makes our method efficient in both time and sample complexity. For example, on SVHN, using only five pairs of clean and adversarial examples computed with a PGD-L_inf attack, SimCat's detection accuracy is over 85%. Moreover, on ImageNet, using only 25 examples from each threat model, SimCat can classify eight different attack types such as PGD-L_2, PGD-L_inf, CW-L_2, PPGD, LPA, StAdv, ReColor, and JPEG-L_inf, with over 40% accuracy. On STL10 data, we apply SimCat as a defense against poisoning attacks, such as BP, CP, FC, CLBD, HTBD, halving the success rate while using only twenty total poisons for training. We find that the detectors generalize well to unseen threat models. Lastly, we investigate the performance of our detection method under adaptive attacks and further boost its robustness against such attacks via adversarial training.

Cryptography and Security,Machine Learning

Theodora Anastasiou,Sophia Karagiorgou,Petros Petrou,Dimitrios Papamartzivanos,Thanassis Giannetsos,Georgia Tsirigotaki,Jelle Keizer

DOI: https://doi.org/10.3390/s22186905

2022-09-13

Abstract:Adversarial machine learning (AML) is a class of data manipulation techniques that cause alterations in the behavior of artificial intelligence (AI) systems while going unnoticed by humans. These alterations can cause serious vulnerabilities to mission-critical AI-enabled applications. This work introduces an AI architecture augmented with adversarial examples and defense algorithms to safeguard, secure, and make more reliable AI systems. This can be conducted by robustifying deep neural network (DNN) classifiers and explicitly focusing on the specific case of convolutional neural networks (CNNs) used in non-trivial manufacturing environments prone to noise, vibrations, and errors when capturing and transferring data. The proposed architecture enables the imitation of the interplay between the attacker and a defender based on the deployment and cross-evaluation of adversarial and defense strategies. The AI architecture enables (i) the creation and usage of adversarial examples in the training process, which robustify the accuracy of CNNs, (ii) the evaluation of defense algorithms to recover the classifiers' accuracy, and (iii) the provision of a multiclass discriminator to distinguish and report on non-attacked and attacked data. The experimental results show promising results in a hybrid solution combining the defense algorithms and the multiclass discriminator in an effort to revitalize the attacked base models and robustify the DNN classifiers. The proposed architecture is ratified in the context of a real manufacturing environment utilizing datasets stemming from the actual production lines.