DNDNet: Reconfiguring CNN for adversarial robustness

A Goel, A Agarwal, M Vatsa… - Proceedings of the …, 2020 - openaccess.thecvf.com
Proceedings of the IEEE/CVF Conference on Computer Vision and …, 2020 - openaccess.thecvf.com
Abstract
Several successful adversarial attacks have demonstrated the vulnerabilities of deep learning algorithms. These attacks are detrimental to building dependable, deep-learning-based AI applications. Therefore, it is imperative to build a defense mechanism to protect the integrity of deep learning models. In this paper, we present a novel "defense layer" in a network which aims to block the generation of adversarial noise and prevents an adversarial attack in black-box and gray-box settings. The parameter-free defense layer, when applied to any convolutional network, helps in achieving protection against attacks such as FGSM, L_2, Elastic-Net, and DeepFool. Experiments are performed with different CNN architectures, including VGG, ResNet, and DenseNet, on three databases, namely MNIST, CIFAR-10, and PaSC. The results showcase the efficacy of the proposed defense layer without adding any computational overhead. For example, on the CIFAR-10 database, while the attack can reduce the accuracy of the ResNet-50 model to as low as 6.3%, the proposed "defense layer" retains the original accuracy of 81.32%.