Delving into Deep Image Prior for Adversarial Defense: A Novel
Reconstruction-based Defense Framework
- URL: http://arxiv.org/abs/2108.00180v1
- Date: Sat, 31 Jul 2021 08:49:17 GMT
- Title: Delving into Deep Image Prior for Adversarial Defense: A Novel
Reconstruction-based Defense Framework
- Authors: Li Ding, Yongwei Wang, Xin Ding, Kaiwen Yuan, Ping Wang, Hua Huang, Z.
Jane Wang
- Abstract summary: This work proposes a novel and effective reconstruction-based defense framework by delving into deep image prior.
The proposed method analyzes and explicitly incorporates the model decision process into our defense.
Experiments demonstrate that the proposed method outperforms existing state-of-the-art reconstruction-based methods both in defending white-box attacks and defense-aware attacks.
- Score: 34.75025893777763
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep learning based image classification models have been shown to be
vulnerable to adversarial attacks that inject deliberately crafted noise into
clean images. To defend against adversarial attacks in a training-free and
attack-agnostic manner, this work proposes a novel and effective
reconstruction-based defense framework by delving into deep image prior (DIP).
Fundamentally different from existing reconstruction-based defenses, the
proposed method analyzes and explicitly incorporates the model decision process
into the defense. Given an adversarial image, we first map its reconstructed
images during DIP optimization to the model decision space, where cross-boundary
images can be detected and on-boundary images can be further localized. Then,
adversarial noise is purified by perturbing the on-boundary images in the
direction opposite to the adversarial image. Finally, on-manifold images are
stitched to construct an image that is correctly predicted by the victim
classifier. Extensive experiments demonstrate that the proposed method
outperforms existing state-of-the-art reconstruction-based methods both in
defending against white-box attacks and against defense-aware attacks. Moreover,
the proposed method maintains high visual quality during adversarial image
reconstruction.
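The detect, localize and purify loop that the abstract describes, as an added toy example that is not code from the paper or its authors. A 32-sample 1-D signal stands in for an image, a fixed linear model that leans heavily on one high frequency stands in for the victim classifier, and a Gaussian spectral low-pass whose bandwidth grows with the iteration count stands in for the DIP iterates (an assumption: it mimics DIP fitting low frequencies before high ones without training any network). The clean and adversarial inputs are constructed for the example. The paper's final stitching step is not reproduced; the purified output is the single perturbed on-boundary image.

```python
import math

N = 32                    # length of the toy 1-D "image" (stand-in for a 2-D image)
FREQS = range(1, N // 2)  # cosine basis frequencies 1..15 (orthogonal on N samples)
DIP_ITERS = 40            # number of simulated reconstruction iterates

def synth(coeffs):
    """Pixel-space signal from {frequency: amplitude} cosine coefficients."""
    return [sum(a * math.cos(2 * math.pi * f * k / N) for f, a in coeffs.items())
            for k in range(N)]

def project(x):
    """Inverse of synth for signals built from FREQS (each cosine has squared norm N/2)."""
    return {f: 2.0 / N * sum(x[k] * math.cos(2 * math.pi * f * k / N) for k in range(N))
            for f in FREQS}

# Victim classifier (assumed): a fixed linear model whose weights lean on a high
# frequency (f=12), which is what makes a small high-frequency perturbation effective.
W = synth({1: 1.0, 12: 8.0})

def logit(x):
    return sum(wk * xk for wk, xk in zip(W, x))

def classify(x):
    return 1 if logit(x) >= 0 else -1

def dip_trajectory(x_adv, iters=DIP_ITERS):
    """Stand-in for DIP iterates (assumption): a Gaussian spectral low-pass of x_adv
    whose bandwidth sigma grows with t, so low frequencies are fitted before high ones.
    A real DIP run would instead optimise a CNN from noise to fit x_adv."""
    coeffs = project(x_adv)
    traj = []
    for t in range(iters):
        sigma = 1.0 + t
        traj.append(synth({f: a * math.exp(-(f / sigma) ** 2) for f, a in coeffs.items()}))
    return traj

def lerp(a, b, lam):
    return [(1 - lam) * ai + lam * bi for ai, bi in zip(a, b)]

def defend(x_adv, eps=1.0, bisect_steps=50):
    """Map the reconstruction trajectory into decision space, detect the boundary
    crossing, localise the on-boundary image, and push it away from x_adv."""
    traj = dip_trajectory(x_adv)
    adv_label = classify(x_adv)
    labels = [classify(r) for r in traj]
    # Cross-boundary detection: first iterate on the adversarial side whose
    # predecessor was still on the other side.
    cross = next((t for t in range(1, len(traj))
                  if labels[t] == adv_label and labels[t - 1] != adv_label), None)
    if cross is None:
        return {"crossed": False, "cross_iter": None, "boundary": None, "purified": x_adv}
    # On-boundary localisation: bisect the segment between the last iterate on the
    # non-adversarial side and the first one on the adversarial side.
    lo, hi = traj[cross - 1], traj[cross]
    for _ in range(bisect_steps):
        mid = lerp(lo, hi, 0.5)
        if classify(mid) == adv_label:
            hi = mid
        else:
            lo = mid
    boundary = lerp(lo, hi, 0.5)
    # Purification: perturb the on-boundary image in the direction opposite to x_adv.
    purified = [b + eps * (b - a) for b, a in zip(boundary, x_adv)]
    return {"crossed": True, "cross_iter": cross, "boundary": boundary, "purified": purified}

def l2(x, y):
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(x, y)))

# Constructed inputs: a smooth "clean" image and an adversarial version carrying a
# small high-frequency perturbation that flips the classifier's decision.
X_CLEAN = synth({1: 1.0, 3: 0.3})
X_ADV = [c + d for c, d in zip(X_CLEAN, synth({12: -0.2}))]

if __name__ == "__main__":
    res = defend(X_ADV)
    print("clean label", classify(X_CLEAN), "adversarial label", classify(X_ADV))
    print("boundary crossing detected at iterate", res["cross_iter"])
    print("purified label", classify(res["purified"]))
    print("L2 to clean: adversarial %.3f, purified %.3f"
          % (l2(X_ADV, X_CLEAN), l2(res["purified"], X_CLEAN)))
```

Running the block shows the adversarial input flipping the label, the decision trajectory crossing the boundary partway through the iterates (the early, low-frequency reconstructions are still classified like the clean image), and the purified image carrying the clean label while lying closer to the clean image than the adversarial input does; a clean input produces no crossing. The check a practitioner should add is the one the abstract points at: a defense-aware attacker who can run the same trajectory can try to craft perturbations that are fitted early, so any detector of this kind has to be evaluated under adaptive attacks and not only white-box ones.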
Related papers
- MirrorCheck: Efficient Adversarial Defense for Vision-Language Models [55.73581212134293]
We propose a novel, yet elegantly simple approach for detecting adversarial samples in Vision-Language Models.
Our method leverages Text-to-Image (T2I) models to generate images based on captions produced by target VLMs.
Empirical evaluations conducted on different datasets validate the efficacy of our approach.
arXiv Detail & Related papers (2024-06-13T15:55:04Z)
- Adversarial Purification and Fine-tuning for Robust UDC Image Restoration [25.02234305857731]
Under-Display Camera (UDC) technology faces unique image degradation challenges exacerbated by the susceptibility to adversarial perturbations.
This study focuses on the enhancement of Under-Display Camera (UDC) image restoration models, focusing on their robustness against adversarial attacks.
arXiv Detail & Related papers (2024-02-21T09:06:04Z)
- Anomaly Unveiled: Securing Image Classification against Adversarial Patch Attacks [3.6275442368775512]
Adversarial patch attacks pose a significant threat to the practical deployment of deep learning systems.
In this paper, we investigate the behavior of adversarial patches as anomalies within the distribution of image information.
Our proposed defense mechanism utilizes a clustering-based technique called DBSCAN to isolate anomalous image segments.
arXiv Detail & Related papers (2024-02-09T08:52:47Z)
- IRAD: Implicit Representation-driven Image Resampling against Adversarial Attacks [16.577595936609665]
We introduce a novel approach to counter adversarial attacks, namely, image resampling.
Image resampling transforms a discrete image into a new one, simulating the process of scene recapturing or rerendering as specified by a geometrical transformation.
We show that our method significantly enhances the adversarial robustness of diverse deep models against various attacks while maintaining high accuracy on clean images.
arXiv Detail & Related papers (2023-10-18T11:19:32Z)
- Reconstruction Distortion of Learned Image Compression with Imperceptible Perturbations [69.25683256447044]
We introduce an attack approach designed to effectively degrade the reconstruction quality of Learned Image Compression (LIC).
We generate adversarial examples by introducing a Frobenius norm-based loss function to maximize the discrepancy between original images and reconstructed adversarial examples.
Experiments conducted on the Kodak dataset using various LIC models demonstrate effectiveness.
arXiv Detail & Related papers (2023-06-01T20:21:05Z)
- Adversarial Purification through Representation Disentanglement [21.862799765511976]
Deep learning models are vulnerable to adversarial examples and make incomprehensible mistakes.
Current defense methods, especially purification, tend to remove "noise" by learning and recovering the natural images.
In this work, we propose a novel adversarial purification scheme by presenting disentanglement of natural images and adversarial perturbations as a preprocessing defense.
arXiv Detail & Related papers (2021-10-15T01:45:31Z)
- Deep Image Destruction: A Comprehensive Study on Vulnerability of Deep Image-to-Image Models against Adversarial Attacks [104.8737334237993]
We present comprehensive investigations into the vulnerability of deep image-to-image models to adversarial attacks.
For five popular image-to-image tasks, 16 deep models are analyzed from various standpoints.
We show that unlike in image classification tasks, the performance degradation on image-to-image tasks can largely differ depending on various factors.
arXiv Detail & Related papers (2021-04-30T14:20:33Z)
- Adversarial Examples Detection beyond Image Space [88.7651422751216]
We find that there exists compliance between perturbations and prediction confidence, which guides us to detect few-perturbation attacks from the aspect of prediction confidence.
We propose a method beyond image space by a two-stream architecture, in which the image stream focuses on the pixel artifacts and the gradient stream copes with the confidence artifacts.
arXiv Detail & Related papers (2021-02-23T09:55:03Z)
- Error Diffusion Halftoning Against Adversarial Examples [85.11649974840758]
Adversarial examples contain carefully crafted perturbations that can fool deep neural networks into making wrong predictions.
We propose a new image transformation defense based on error diffusion halftoning, and combine it with adversarial training to defend against adversarial examples.
arXiv Detail & Related papers (2021-01-23T07:55:02Z)
- Online Alternate Generator against Adversarial Attacks [144.45529828523408]
Deep learning models are notoriously sensitive to adversarial examples which are synthesized by adding quasi-perceptible noises on real images.
We propose a portable defense method, online alternate generator, which does not need to access or modify the parameters of the target networks.
The proposed method works by online synthesizing another image from scratch for an input image, instead of removing or destroying adversarial noises.
arXiv Detail & Related papers (2020-09-17T07:11:16Z)
- GraCIAS: Grassmannian of Corrupted Images for Adversarial Security [4.259219671110274]
In this work, we propose a defense strategy that applies random image corruptions to the input image alone.
We develop proximity relationships between the projection operator of a clean image and of its adversarially perturbed version, via bounds relating geodesic distance on the Grassmannian to matrix Frobenius norms.
Unlike state-of-the-art approaches, even without any retraining, the proposed strategy achieves an absolute improvement of 4.5% in defense accuracy on ImageNet.
arXiv Detail & Related papers (2020-05-06T16:17:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.