An Efficient Pre-processing Method to Eliminate Adversarial Effects
Hua Wang, Jie Wang, Zhaoxia Yin

TL;DR
This paper proposes an efficient preprocessing technique combining WebP compression and image flipping to defend against adversarial attacks on DNNs, achieving high effectiveness with minimal impact on normal image classification.
Contribution
The paper introduces a novel, computationally efficient preprocessing method that effectively defends against adversarial examples, outperforming existing defenses on ImageNet.
Findings
Outperforms state-of-the-art defense methods on ImageNet
Maintains high accuracy on normal images with minimal drop
Effectively removes adversarial noise through combined transformations
Abstract
Deep Neural Networks (DNNs) are vulnerable to adversarial examples, generated by imposing subtle perturbations on inputs that lead a model to predict incorrect outputs. Currently, much of the research on defending against adversarial examples pays little attention to real-world applications, suffering either from high computational complexity or from poor defensive effect. Motivated by this observation, we develop an efficient preprocessing method to defend against adversarial images. Specifically, before an example is fed into the model, we perform two image transformations: WebP compression, which removes the small adversarial noise, and a flip operation, which flips the image once along one axis to destroy the specific structure of the adversarial perturbation. Finally, a de-perturbed sample is obtained that can be correctly classified by the DNN. Experimental results on…
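The two-step input filter the abstract describes, written out as an added example (this is not code from the paper or its authors): lossy WebP re-encoding in memory followed by a single flip, plus a small helper that measures how much the compression step alone changes pixel values. It assumes Pillow with WebP support is installed; the quality setting of 75, the horizontal flip axis, and the constructed two-colour sample image are my choices, since the page does not state the paper's exact parameters.

```python
# Added example, not the paper's own code. Assumes Pillow built with WebP support.
# quality=75 and the horizontal axis are assumptions; the page gives no settings.
from io import BytesIO

from PIL import Image, ImageOps


def webp_roundtrip(img: Image.Image, quality: int = 75) -> Image.Image:
    """Encode to lossy WebP and decode again entirely in memory.

    The quantisation discards low-amplitude, high-frequency detail, which is
    where small adversarial perturbations live.
    """
    buf = BytesIO()
    img.convert("RGB").save(buf, format="WEBP", quality=quality)
    buf.seek(0)
    return Image.open(buf).convert("RGB")


def flip_once(img: Image.Image, axis: str = "horizontal") -> Image.Image:
    """Mirror the image along one axis to break the perturbation's spatial layout."""
    if axis == "horizontal":
        return ImageOps.mirror(img)
    if axis == "vertical":
        return ImageOps.flip(img)
    raise ValueError("axis must be 'horizontal' or 'vertical'")


def deperturb(img: Image.Image, quality: int = 75, axis: str = "horizontal") -> Image.Image:
    """Full pre-processing pipeline: WebP round-trip, then one flip."""
    return flip_once(webp_roundtrip(img, quality), axis)


def mean_abs_diff(a: Image.Image, b: Image.Image) -> float:
    """Mean absolute per-channel difference between two same-sized RGB images."""
    pa, pb = a.convert("RGB").getdata(), b.convert("RGB").getdata()
    total = sum(abs(x - y) for p, q in zip(pa, pb) for x, y in zip(p, q))
    return total / (3 * a.width * a.height)


def make_sample(width: int = 32, height: int = 32) -> Image.Image:
    """Constructed test image: left half red, right half blue."""
    img = Image.new("RGB", (width, height))
    px = img.load()
    for x in range(width):
        for y in range(height):
            px[x, y] = (220, 30, 30) if x < width // 2 else (30, 30, 220)
    return img


if __name__ == "__main__":
    sample = make_sample()
    cleaned = deperturb(sample)
    print("size preserved:", cleaned.size == sample.size)
    print("top-left pixel after flip:", cleaned.getpixel((0, 0)))
    print("mean |delta| introduced by WebP alone:",
          round(mean_abs_diff(sample, webp_roundtrip(sample)), 2))
```

In deployment this filter sits in front of the classifier's input, and the flip is applied to every image, clean or not, so the model sees a consistent distribution; the `mean_abs_diff` helper is a quick way to confirm the compression quality chosen perturbs benign images only slightly.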
Figures 1–8 (captions not available on the page).
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Integrated Circuits and Semiconductor Failure Analysis · Anomaly Detection Techniques and Applications
