Adversarial example defense based on image reconstruction
The rapid development of deep neural networks (DNN) has promoted the widespread application of image recognition, natural language processing, and autonomous driving. However, DNN is vulnerable to adversarial examples, such as an input sample with imperceptible perturbation which can easily invalida...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
PeerJ Inc.
2021-12-01
|
| Series: | PeerJ Computer Science |
| Subjects: | |
| Online Access: | https://peerj.com/articles/cs-811.pdf |
| _version_ | 1819103033782435840 |
|---|---|
| author | Yu(AUST) Zhang Huan Xu Chengfei Pei Gaoming Yang |
| author_facet | Yu(AUST) Zhang Huan Xu Chengfei Pei Gaoming Yang |
| author_sort | Yu(AUST) Zhang |
| collection | DOAJ |
| description | The rapid development of deep neural networks (DNN) has promoted the widespread application of image recognition, natural language processing, and autonomous driving. However, DNN is vulnerable to adversarial examples, such as an input sample with imperceptible perturbation which can easily invalidate the DNN and even deliberately modify the classification results. Therefore, this article proposes a preprocessing defense framework based on image compression reconstruction to achieve adversarial example defense. Firstly, the defense framework performs pixel depth compression on the input image based on the sensitivity of the adversarial example to eliminate adversarial perturbations. Secondly, we use the super-resolution image reconstruction network to restore the image quality and then map the adversarial example to the clean image. Therefore, there is no need to modify the network structure of the classifier model, and it can be easily combined with other defense methods. Finally, we evaluate the algorithm with MNIST, Fashion-MNIST, and CIFAR-10 datasets; the experimental results show that our approach outperforms current techniques in the task of defending against adversarial example attacks. |
| first_indexed | 2024-12-22T01:44:02Z |
| format | Article |
| id | doaj.art-5b374820a10f475e9bdc12f94c5f9f24 |
| institution | Directory Open Access Journal |
| issn | 2376-5992 |
| language | English |
| last_indexed | 2024-12-22T01:44:02Z |
| publishDate | 2021-12-01 |
| publisher | PeerJ Inc. |
| record_format | Article |
| series | PeerJ Computer Science |
| spelling | doaj.art-5b374820a10f475e9bdc12f94c5f9f242022-12-21T18:43:07ZengPeerJ Inc.PeerJ Computer Science2376-59922021-12-017e81110.7717/peerj-cs.811Adversarial example defense based on image reconstructionYu(AUST) Zhang0Huan Xu1Chengfei Pei2Gaoming Yang3School of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, Anhui, ChinaSchool of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, Anhui, ChinaSchool of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, Anhui, ChinaSchool of Computer Science and Engineering, Anhui University of Science and Technology, Huainan, Anhui, ChinaThe rapid development of deep neural networks (DNN) has promoted the widespread application of image recognition, natural language processing, and autonomous driving. However, DNN is vulnerable to adversarial examples, such as an input sample with imperceptible perturbation which can easily invalidate the DNN and even deliberately modify the classification results. Therefore, this article proposes a preprocessing defense framework based on image compression reconstruction to achieve adversarial example defense. Firstly, the defense framework performs pixel depth compression on the input image based on the sensitivity of the adversarial example to eliminate adversarial perturbations. Secondly, we use the super-resolution image reconstruction network to restore the image quality and then map the adversarial example to the clean image. Therefore, there is no need to modify the network structure of the classifier model, and it can be easily combined with other defense methods. Finally, we evaluate the algorithm with MNIST, Fashion-MNIST, and CIFAR-10 datasets; the experimental results show that our approach outperforms current techniques in the task of defending against adversarial example attacks.https://peerj.com/articles/cs-811.pdfDeep learningAdversarial exampleImage compressionReconstructionSuper-resolution |
| spellingShingle | Yu(AUST) Zhang Huan Xu Chengfei Pei Gaoming Yang Adversarial example defense based on image reconstruction PeerJ Computer Science Deep learning Adversarial example Image compression Reconstruction Super-resolution |
| title | Adversarial example defense based on image reconstruction |
| title_full | Adversarial example defense based on image reconstruction |
| title_fullStr | Adversarial example defense based on image reconstruction |
| title_full_unstemmed | Adversarial example defense based on image reconstruction |
| title_short | Adversarial example defense based on image reconstruction |
| title_sort | adversarial example defense based on image reconstruction |
| topic | Deep learning Adversarial example Image compression Reconstruction Super-resolution |
| url | https://peerj.com/articles/cs-811.pdf |
| work_keys_str_mv | AT yuaustzhang adversarialexampledefensebasedonimagereconstruction AT huanxu adversarialexampledefensebasedonimagereconstruction AT chengfeipei adversarialexampledefensebasedonimagereconstruction AT gaomingyang adversarialexampledefensebasedonimagereconstruction |