Self-Supervised Iterative Contextual Smoothing for Efficient Adversarial Defense against Gray- and Black-Box Attack

06/22/2021
by Sungmin Cha, et al.

We propose a novel and effective input-transformation-based adversarial defense method against gray- and black-box attacks, which is computationally efficient and does not require any adversarial training or retraining of a classification model. We first show that a very simple iterative Gaussian smoothing can effectively wash out adversarial noise and achieve substantially high robust accuracy. Based on this observation, we propose Self-Supervised Iterative Contextual Smoothing (SSICS), which aims to reconstruct the original discriminative features from the Gaussian-smoothed image in a context-adaptive manner, while still smoothing out the adversarial noise. From experiments on ImageNet, we show that our SSICS achieves both high standard accuracy and very competitive robust accuracy against gray- and black-box attacks, e.g., the transfer-based PGD attack and score-based attacks. A noteworthy point is that our defense is free of computationally expensive adversarial training, yet can approach its robust accuracy via input transformation.
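The iterative Gaussian smoothing baseline mentioned in the abstract, as an added sketch that is not the authors' code. The kernel radius, sigma, iteration count, the synthetic image and the random-sign L-infinity noise (a constructed stand-in for an adversarial perturbation) are all assumptions, and the learned contextual reconstruction step of SSICS is not implemented.

```python
import math
import random

def gaussian_kernel(sigma, radius):
    """Normalized 1-D Gaussian weights for offsets -radius..radius."""
    w = [math.exp(-(i * i) / (2.0 * sigma * sigma)) for i in range(-radius, radius + 1)]
    total = sum(w)
    return [v / total for v in w]

def _blur_rows(img, kernel):
    """Convolve every row with the kernel, replicating edge pixels at the border."""
    r, n = len(kernel) // 2, len(img[0])
    return [[sum(k * row[min(max(x + j - r, 0), n - 1)] for j, k in enumerate(kernel))
             for x in range(n)] for row in img]

def _transpose(img):
    return [list(col) for col in zip(*img)]

def gaussian_smooth(img, sigma=1.0, radius=2):
    """One separable 2-D Gaussian pass: blur rows, then columns."""
    k = gaussian_kernel(sigma, radius)
    return _transpose(_blur_rows(_transpose(_blur_rows(img, k)), k))

def iterative_smooth(img, iterations=3, sigma=1.0, radius=2):
    """Input transformation applied before the (unchanged) classifier."""
    for _ in range(iterations):
        img = gaussian_smooth(img, sigma, radius)
    return img

def rms(a, b):
    d = [(x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)]
    return math.sqrt(sum(d) / len(d))

def demo(size=32, eps=8 / 255, iterations=3, seed=0):
    """Return (perturbation RMS before, after smoothing, clean-content loss)."""
    rng = random.Random(seed)
    # Constructed clean image in [0.1, 0.9]: a smooth low-frequency pattern.
    clean = [[0.5 + 0.4 * math.sin(x / 6.0) * math.cos(y / 7.0) for x in range(size)]
             for y in range(size)]
    # Constructed noise: random sign with L_inf bound eps, not a real attack.
    noisy = [[p + eps * rng.choice((-1, 1)) for p in row] for row in clean]
    s_clean, s_noisy = iterative_smooth(clean, iterations), iterative_smooth(noisy, iterations)
    # The third value is the detail the smoothing removes from the clean image,
    # i.e. the loss that a reconstruction step would have to recover.
    return rms(noisy, clean), rms(s_noisy, s_clean), rms(s_clean, clean)

if __name__ == "__main__":
    print(demo())
```

The third value returned by `demo` is the price of plain smoothing on clean content, which is the gap the abstract says SSICS's context-adaptive reconstruction targets.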

research
10/02/2020

Block-wise Image Transformation with Secret Key for Adversarially Robust Defense

In this paper, we propose a novel defensive transformation that enables ...
research
01/31/2022

Boundary Defense Against Black-box Adversarial Attacks

Black-box adversarial attacks generate adversarial samples via iterative...
research
04/13/2023

Certified Zeroth-order Black-Box Defense with Robust UNet Denoiser

Certified defense methods against adversarial perturbations have been re...
research
04/23/2021

Theoretical Study of Random Noise Defense against Query-Based Black-Box Attacks

The query-based black-box attacks, which don't require any knowledge abo...
research
01/13/2023

Weighted RML using ensemble-methods for data assimilation

The weighting of critical-point samples in the weighted randomized maxim...
research
09/17/2020

Label Smoothing and Adversarial Robustness

Recent studies indicate that current adversarial attack methods are flaw...
research
11/12/2020

Adversarial Robustness Against Image Color Transformation within Parametric Filter Space

We propose Adversarial Color Enhancement (ACE), a novel approach to gene...
