Unsupervised Adversarial Defense through Tandem Deep Image Priors
Deep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provi...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2020-11-01
|
| Series: | Electronics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2079-9292/9/11/1957 |
| _version_ | 1797547375920676864 |
|---|---|
| author | Yu Shi Cien Fan Lian Zou Caixia Sun Yifeng Liu |
| author_facet | Yu Shi Cien Fan Lian Zou Caixia Sun Yifeng Liu |
| author_sort | Yu Shi |
| collection | DOAJ |
| description | Deep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provide robustness against adversarial attacks. We show that the unsupervised image restoration framework, deep image prior, can effectively eliminate the influence of adversarial perturbations. The proposed method uses multiple deep image prior networks called tandem deep image priors to recover the original image from adversarial example. Tandem deep image priors contain two deep image prior networks. The first network captures the main information of images and the second network recovers original image based on the prior information provided by the first network. The proposed method reduces the number of iterations originally required by deep image prior network and does not require adjusting the classifier or pre-training. It can be combined with other defensive methods. Our experiments show that the proposed method surprisingly achieves higher classification accuracy on ImageNet against a wide variety of adversarial attacks than previous state-of-the-art defense methods. |
| first_indexed | 2024-03-10T14:43:21Z |
| format | Article |
| id | doaj.art-db0613431e4c4824887b91afb29114e2 |
| institution | Directory Open Access Journal |
| issn | 2079-9292 |
| language | English |
| last_indexed | 2024-03-10T14:43:21Z |
| publishDate | 2020-11-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Electronics |
| spelling | doaj.art-db0613431e4c4824887b91afb29114e22023-11-20T21:36:52ZengMDPI AGElectronics2079-92922020-11-01911195710.3390/electronics9111957Unsupervised Adversarial Defense through Tandem Deep Image PriorsYu Shi0Cien Fan1Lian Zou2Caixia Sun3Yifeng Liu4School of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaNational Engineering Laboratory for Public Safety Risk Perception and Control by Big Data (NEL-PSRPC), Beijing 100041, ChinaDeep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provide robustness against adversarial attacks. We show that the unsupervised image restoration framework, deep image prior, can effectively eliminate the influence of adversarial perturbations. The proposed method uses multiple deep image prior networks called tandem deep image priors to recover the original image from adversarial example. Tandem deep image priors contain two deep image prior networks. The first network captures the main information of images and the second network recovers original image based on the prior information provided by the first network. The proposed method reduces the number of iterations originally required by deep image prior network and does not require adjusting the classifier or pre-training. It can be combined with other defensive methods. Our experiments show that the proposed method surprisingly achieves higher classification accuracy on ImageNet against a wide variety of adversarial attacks than previous state-of-the-art defense methods.https://www.mdpi.com/2079-9292/9/11/1957adversarial exampledeep learningimage restorationunsupervised learning |
| spellingShingle | Yu Shi Cien Fan Lian Zou Caixia Sun Yifeng Liu Unsupervised Adversarial Defense through Tandem Deep Image Priors Electronics adversarial example deep learning image restoration unsupervised learning |
| title | Unsupervised Adversarial Defense through Tandem Deep Image Priors |
| title_full | Unsupervised Adversarial Defense through Tandem Deep Image Priors |
| title_fullStr | Unsupervised Adversarial Defense through Tandem Deep Image Priors |
| title_full_unstemmed | Unsupervised Adversarial Defense through Tandem Deep Image Priors |
| title_short | Unsupervised Adversarial Defense through Tandem Deep Image Priors |
| title_sort | unsupervised adversarial defense through tandem deep image priors |
| topic | adversarial example deep learning image restoration unsupervised learning |
| url | https://www.mdpi.com/2079-9292/9/11/1957 |
| work_keys_str_mv | AT yushi unsupervisedadversarialdefensethroughtandemdeepimagepriors AT cienfan unsupervisedadversarialdefensethroughtandemdeepimagepriors AT lianzou unsupervisedadversarialdefensethroughtandemdeepimagepriors AT caixiasun unsupervisedadversarialdefensethroughtandemdeepimagepriors AT yifengliu unsupervisedadversarialdefensethroughtandemdeepimagepriors |