Adversarial Defense by Stratified Convolutional Sparse Coding

TL;DR

This paper introduces a novel adversarial defense technique using stratified convolutional sparse coding, achieving state-of-the-art robustness across various attack scenarios while preserving input resolution and dataset scale.

Contribution

It presents a new defense method based on convolutional sparse coding with a Sparse Transformation Layer, effectively removing adversarial perturbations in a quasi-natural image space.

Findings

Achieves state-of-the-art attack-agnostic defense performance

Maintains robustness across different input resolutions and perturbation scales

Effectively removes adversarial perturbations while preserving natural image quality

Abstract

We propose an adversarial defense method that achieves state-of-the-art performance among attack-agnostic adversarial defense methods while also maintaining robustness to input resolution, scale of adversarial perturbation, and scale of dataset size. Based on convolutional sparse coding, we construct a stratified low-dimensional quasi-natural image space that faithfully approximates the natural image space while also removing adversarial perturbations. We introduce a novel Sparse Transformation Layer (STL) in between the input image and the first layer of the neural network to efficiently project images into our quasi-natural image space. Our experiments show state-of-the-art performance of our method compared to other attack-agnostic adversarial defense methods in various adversarial settings.