VectorDefense: Vectorization as a Defense to Adversarial Examples
Vishaal Munusamy Kabilan, Brandon Morris, Anh Nguyen

TL;DR
This paper proposes using image vectorization as a defense mechanism against adversarial examples in neural networks, aiming to map adversarial inputs back to the natural data manifold.
Contribution
It introduces vectorization as a novel input transformation technique to defend against adversarial attacks on image classifiers.
Findings
Vectorization helps recover the natural image manifold from adversarial examples.
Compared to other input transformations, vectorization shows promising robustness.
Trade-offs exist between hand-designed and learned transformation defenses.
Abstract
Training deep neural networks on images represented as grids of pixels has brought to light an interesting phenomenon known as adversarial examples. Inspired by how humans reconstruct abstract concepts, we attempt to codify the input bitmap image into a set of compact, interpretable elements to avoid being fooled by the adversarial structures. We take the first step in this direction by experimenting with image vectorization as an input transformation step to map the adversarial examples back into the natural manifold of MNIST handwritten digits. We compare our method vs. state-of-the-art input transformations and further discuss the trade-offs between a hand-designed and a learned transformation defense.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis · Advanced Neural Network Applications
