Robust Pre-Processing: A Robust Defense Method Against Adversary Attack

by Adnan Siraj Rakin, et al.

Deep learning algorithms and networks are vulnerable to perturbed inputs, known as adversarial attacks. Many defense methodologies have been investigated to defend against such attacks. In this work, we propose a novel methodology to defend against the existing powerful attack models. Such attack models have achieved record success against the MNIST dataset, forcing a network to misclassify all of its inputs. Our proposed defense method, robust pre-processing, achieves the best accuracy among the current state-of-the-art defenses. It consists of a Tanh (hyperbolic tangent) function, smoothing and batch normalization applied to the input data, which makes the network more robust against adversarial attack. Robust pre-processing improves the white-box attack accuracy on MNIST from 94.3... Where other defenses completely fail, robust pre-processing remains one of the strongest ever reported. Another strength of our defense is that it eliminates the need for adversarial training, since it significantly increases MNIST accuracy without adversarial training as well. This makes it a more generalized defense method with almost half the training overhead and much-improved accuracy. Robust pre-processing can also increase inference accuracy in the face of the powerful attack on the CIFAR-10 and SVHN datasets without sacrificing much clean-data accuracy.
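The abstract names the three stages of the pre-processing (a tanh squash, smoothing, and a normalization step) but not their parameters or order. The block below is an added illustration, not the authors' code: it assumes the order tanh, then a 3x3 box filter, then per-sample standardization (a stand-in for batch normalization at inference), a tanh gain of 3, and a constructed checkerboard sign pattern of magnitude eps as a stand-in for an L_inf-bounded adversarial perturbation (it is not a gradient-based attack). It measures how much of the perturbation survives the pipeline relative to the signal, which is the input-space effect the defense relies on.

```python
import math

def make_edge_image(n=8):
    """Constructed n x n near-binary image (left half black, right half white),
    standing in for an MNIST-like digit. Not data from the paper."""
    return [[0.0 if j < n // 2 else 1.0 for j in range(n)] for _ in range(n)]

def checkerboard_perturbation(img, eps=0.3):
    """Constructed L_inf perturbation: a fixed +/-eps checkerboard sign pattern,
    clipped to the valid pixel range. Assumption: a stand-in for an attack, not FGSM."""
    out = []
    for i, row in enumerate(img):
        out.append([min(1.0, max(0.0, v + (eps if (i + j) % 2 == 0 else -eps)))
                    for j, v in enumerate(row)])
    return out

def tanh_squash(img, gain=3.0):
    """Stage 1 (assumed form): map [0,1] to [-1,1] and squash with tanh.
    A large gain saturates near-binary pixels, shrinking small perturbations."""
    return [[math.tanh(gain * (2.0 * v - 1.0)) for v in row] for row in img]

def box_smooth(img, k=3):
    """Stage 2 (assumed form): k x k mean filter with replicated edges.
    High-frequency sign patterns average out; broad structure survives."""
    n, m, r = len(img), len(img[0]), k // 2
    out = []
    for i in range(n):
        row = []
        for j in range(m):
            s = 0.0
            for di in range(-r, r + 1):
                for dj in range(-r, r + 1):
                    ii = min(max(i + di, 0), n - 1)
                    jj = min(max(j + dj, 0), m - 1)
                    s += img[ii][jj]
            row.append(s / (k * k))
        out.append(row)
    return out

def standardize(img):
    """Stage 3 (assumed stand-in for batch normalization at inference):
    per-sample zero-mean, unit-variance scaling."""
    vals = [v for row in img for v in row]
    mean = sum(vals) / len(vals)
    std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0
    return [[(v - mean) / std for v in row] for row in img]

def preprocess(img):
    return standardize(box_smooth(tanh_squash(img)))

def l2(a, b):
    return math.sqrt(sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)))

def relative_perturbation(clean, adv):
    """||adv - clean|| / ||clean||: perturbation energy relative to signal energy."""
    zero = [[0.0] * len(r) for r in clean]
    return l2(clean, adv) / l2(clean, zero)

def demo(eps=0.3):
    """Returns (relative perturbation in raw pixel space,
               relative perturbation after the pre-processing pipeline)."""
    clean = make_edge_image()
    adv = checkerboard_perturbation(clean, eps)
    return relative_perturbation(clean, adv), relative_perturbation(preprocess(clean), preprocess(adv))

if __name__ == "__main__":
    raw, proc = demo()
    print(f"relative perturbation: raw={raw:.3f}  after pre-processing={proc:.3f}")
```

The number this prints is an input-space distortion, not a robustness result: a smaller residual perturbation is what the defense hopes the classifier will benefit from, but it says nothing about an adaptive white-box attacker who differentiates through (or approximates) the pre-processing itself. Any evaluation of such a defense should include that attacker, which is the setting the abstract's "white box" figures refer to.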

Blind Pre-Processing: A Robust Defense Method Against Adversarial Examples

Deep learning algorithms and networks are vulnerable to perturbed inputs...

Improving White-box Robustness of Pre-processing Defenses via Joint Adversarial Training

Deep neural networks (DNNs) are vulnerable to adversarial noise. A range...

Adversarial Attacks and Defenses for Speaker Identification Systems

Research in automatic speaker recognition (SR) has been undertaken for s...

Adaptive Modeling Against Adversarial Attacks

Adversarial training, the process of training a deep learning model with...

The Efficacy of SHIELD under Different Threat Models

We study the efficacy of SHIELD in the face of alternative threat models...

On the Limitations of Stochastic Pre-processing Defenses

Defending against adversarial examples remains an open problem. A common...

Mix'n'Squeeze: Thwarting Adaptive Adversarial Samples Using Randomized Squeezing

Deep Learning (DL) has been shown to be particularly vulnerable to adver...