ReabsNet: Detecting and Revising Adversarial Examples

by Jiefeng Chen et al.
University of Wisconsin-Madison

Though deep neural networks have achieved great success in recent studies and applications, they remain vulnerable to adversarial perturbations that are imperceptible to humans. To address this problem, we propose a novel network, ReabsNet, that achieves high classification accuracy in the face of various attacks. The approach augments an existing classification network with a guardian network that detects whether a sample is natural or has been adversarially perturbed. Critically, instead of simply rejecting adversarial examples, we revise them to recover their true labels. We exploit the observation that a sample containing adversarial perturbations can return to its true class after revision. We demonstrate that ReabsNet outperforms the state-of-the-art defense method under various adversarial attacks.
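The detect-then-revise pipeline described in the abstract can be sketched in a few lines. The sketch below is illustrative only: `classify`, `is_adversarial` (the guardian network), and `revise` are hypothetical stand-ins, and the toy 1-D example uses a simple prototype-based revision rule, not the paper's actual revision procedure.

```python
def reabsnet_predict(x, classify, is_adversarial, revise, max_steps=10):
    """Hypothetical ReabsNet-style inference: instead of rejecting a sample
    flagged by the guardian network, repeatedly revise it until it looks
    natural again, then classify the revised sample."""
    for _ in range(max_steps):
        if not is_adversarial(x):
            return classify(x)
        x = revise(x)
    # Fall back to classifying whatever the revision produced.
    return classify(x)


# Toy 1-D demonstration (assumed setup): class prototypes at -1 and +1,
# the guardian flags any sample suspiciously close to the decision boundary,
# and revision nudges the sample toward its nearest prototype.
def classify(x):
    return 1 if x > 0 else -1

def is_adversarial(x):
    return abs(x) < 0.5  # too close to the boundary => likely perturbed

def revise(x):
    prototype = 1.0 if x > 0 else -1.0
    return x + 0.3 * (prototype - x)  # small step back toward the class manifold

# A clean sample at 1.0 nudged to 0.1 by an attacker is revised and
# recovers its true label (+1) rather than being rejected.
label = reabsnet_predict(0.1, classify, is_adversarial, revise)
```

The key design point, per the abstract, is that revision replaces rejection: the adversarial sample is pulled back toward the natural data distribution until the guardian no longer flags it.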


