Divide, Denoise, and Defend against Adversarial Attacks

Deep neural networks, although shown to be a successful class of machine learning algorithms, are known to be extremely unstable to adversarial perturbations. Improving the robustness of neural networks against these attacks is important, especially for security-critical applications. To defend against such attacks, we propose dividing the input image into multiple patches, denoising each patch independently, and reconstructing the image, without losing significant image content. This proposed defense mechanism is non-differentiable which makes it non-trivial for an adversary to apply gradient-based attacks. Moreover, we do not fine-tune the network with adversarial examples, making it more robust against unknown attacks. We present a thorough analysis of the tradeoff between accuracy and robustness against adversarial attacks. We evaluate our method under black-box, grey-box, and white-box settings. The proposed method outperforms the state-of-the-art by a significant margin on the ImageNet dataset under grey-box attacks while maintaining good accuracy on clean images. We also establish a strong baseline for a novel white-box attack.
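As an added illustration of the divide-denoise-reconstruct preprocessing the abstract describes (example code, not the paper's own implementation), the block below splits a grayscale image into fixed-size patches, denoises each patch without consulting its neighbours, and reassembles the result. The per-patch denoiser is assumed here to be a 3x3 median filter, which is non-differentiable like the paper's defense; the abstract does not state which denoiser the paper uses, and the image size, patch size and spike positions are constructed sample values.

```python
def split_into_patches(img, p):
    """Divide an HxW grayscale image (list of lists of ints) into p x p
    patches. Returns a list of (row_offset, col_offset, patch)."""
    h, w = len(img), len(img[0])
    patches = []
    for r in range(0, h, p):
        for c in range(0, w, p):
            patch = [row[c:c + p] for row in img[r:r + p]]
            patches.append((r, c, patch))
    return patches


def median_denoise(patch):
    """3x3 median filter evaluated inside the patch only (assumed denoiser).
    The window is clipped at the patch border, so pixels of neighbouring
    patches never influence the result: each patch is denoised independently."""
    h, w = len(patch), len(patch[0])
    out = [[0] * w for _ in range(h)]
    for i in range(h):
        for j in range(w):
            window = sorted(patch[y][x]
                            for y in range(max(0, i - 1), min(h, i + 2))
                            for x in range(max(0, j - 1), min(w, j + 2)))
            out[i][j] = window[len(window) // 2]  # upper median, stays an int
    return out


def reconstruct(patches, h, w):
    """Place the denoised patches back at their original offsets."""
    img = [[0] * w for _ in range(h)]
    for r, c, patch in patches:
        for i, row in enumerate(patch):
            img[r + i][c:c + len(row)] = row
    return img


def divide_denoise_defend(img, p):
    """Full pipeline: divide, denoise each patch, reconstruct."""
    h, w = len(img), len(img[0])
    denoised = [(r, c, median_denoise(patch))
                for r, c, patch in split_into_patches(img, p)]
    return reconstruct(denoised, h, w)


def make_sample():
    """Constructed 8x8 input: a flat image with three isolated high-magnitude
    pixels standing in for a sparse adversarial perturbation."""
    img = [[100] * 8 for _ in range(8)]
    for y, x in [(1, 1), (4, 6), (7, 0)]:
        img[y][x] = 255
    return img


if __name__ == "__main__":
    cleaned = divide_denoise_defend(make_sample(), 4)
    print(sum(v != 100 for row in cleaned for v in row))  # 0: spikes removed
```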
