ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation

05/28/2019
by   Yuzhe Yang, et al.

Deep neural networks are vulnerable to adversarial attacks. The literature is rich with algorithms that can easily craft successful adversarial examples; in contrast, the performance of defense techniques still lags behind. This paper proposes ME-Net, a defense method that leverages matrix estimation (ME). In ME-Net, images are preprocessed in two steps: first, pixels are randomly dropped from the image; then, the image is reconstructed using ME. We show that this process destroys the adversarial structure of the noise while reinforcing the global structure of the original image. Since humans typically rely on such global structures when classifying images, the process makes the network more compatible with human perception. We conduct comprehensive experiments on standard benchmarks including MNIST, CIFAR-10, SVHN, and Tiny-ImageNet. Comparing ME-Net with state-of-the-art defense mechanisms shows that ME-Net consistently outperforms prior techniques, improving robustness against both black-box and white-box attacks.
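
To make the two-step preprocessing concrete, below is a minimal sketch in Python/NumPy. It assumes a single-channel image with values in [0, 1], drops pixels with a Bernoulli mask, and uses a truncated-SVD (USVT-style) reconstruction as the matrix-estimation step; the function name menet_preprocess and its parameters are illustrative rather than taken from the paper, which considers several ME methods (e.g., nuclear-norm minimization as well as USVT).

import numpy as np

def menet_preprocess(image, keep_prob=0.5, rank=8, seed=None):
    """Illustrative ME-Net-style preprocessing (a sketch, not the authors' code).

    1. Randomly drop pixels: keep each pixel independently with probability keep_prob.
    2. Reconstruct the image with a simple matrix-estimation step, here a
       rank-`rank` truncated SVD of the masked, rescaled image (USVT-style).
    """
    rng = np.random.default_rng(seed)
    mask = rng.random(image.shape) < keep_prob      # Bernoulli pixel mask
    masked = image * mask / keep_prob               # rescale kept pixels so the mean is unbiased

    # Matrix estimation via truncated SVD of the masked image.
    u, s, vt = np.linalg.svd(masked, full_matrices=False)
    s[rank:] = 0.0                                  # keep only the top-`rank` singular values
    reconstructed = (u * s) @ vt
    return np.clip(reconstructed, 0.0, 1.0)

# Example: preprocess a random 32x32 "image" (e.g., one CIFAR-10 channel).
if __name__ == "__main__":
    img = np.random.default_rng(0).random((32, 32))
    out = menet_preprocess(img, keep_prob=0.5, rank=8)
    print(out.shape)

In the full method this preprocessing is applied both at training time (as a form of data augmentation) and at inference time, so the classifier only ever sees reconstructed images.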

Related research:
- 12/08/2017: Defense against Adversarial Attacks Using High-Level Representation Guided Denoiser
- 03/26/2021: Adversarial Attacks are Reversible with Natural Supervision
- 03/04/2021: Structure-Preserving Progressive Low-rank Image Completion for Defending Adversarial Attacks
- 12/21/2021: Improving Robustness with Image Filtering
- 09/13/2019: White-Box Adversarial Defense via Self-Supervised Data Estimation
- 07/20/2020: AdvFoolGen: Creating Persistent Troubles for Deep Classifiers
- 09/01/2020: Defending against substitute model black box adversarial attacks with the 01 loss
