Since 2014, artificial neural networks have been known to be vulnerable to adversarial attacks, which can fool the network into producing wrong or nonsensical outputs by making humanly imperceptible alterations to inputs. While defenses against adversarial attacks have been proposed, they usually involve retraining a new neural network from scratch, a costly task. In this work, I introduce the Finite Gaussian Neuron (FGN), a novel neuron architecture for artificial neural networks. My work aims to:
- easily convert existing models to the Finite Gaussian Neuron architecture,
- while preserving the existing model's behavior on real data,
- and offering resistance against adversarial attacks.
I show that converted and retrained Finite Gaussian Neural Networks (FGNNs) always have lower confidence (i.e., are not overconfident) in their predictions over randomized and Fast Gradient Sign Method adversarial images when compared to classical neural networks, while maintaining high accuracy and confidence over real MNIST images. To further validate the capacity of Finite Gaussian Neurons to protect from adversarial attacks, I compare the behavior of FGNs to that of Bayesian Neural Networks against both randomized and adversarial images, and show how the behavior of the two architectures differs. Finally, I show some limitations of the FGN models by testing them on the more complex SPEECHCOMMANDS task, against the stronger Carlini-Wagner and Projected Gradient Descent adversarial attacks.