HAD-GAN: A Human-perception Auxiliary Defense GAN to Defend Adversarial Examples

TL;DR

HAD-GAN is a novel defense framework combining texture transfer and GANs to enhance neural network robustness against adversarial examples by emphasizing shape over texture, outperforming existing methods.

Contribution

The paper introduces HAD-GAN, a new model integrating texture transfer and auxiliary GANs to improve adversarial defense by aligning classifier focus with human perception.

Findings

Outperforms state-of-the-art defense methods on MNIST, Fashion-MNIST, and CIFAR10.

Significantly improves robustness against adversarial examples.

Enhances classifier focus on shape rather than texture.

Abstract

Adversarial examples reveal the vulnerability and unexplained nature of neural networks. Studying the defense of adversarial examples is of considerable practical importance. Most adversarial examples that misclassify networks are often undetectable by humans. In this paper, we propose a defense model to train the classifier into a human-perception classification model with shape preference. The proposed model comprising a texture transfer network (TTN) and an auxiliary defense generative adversarial networks (GAN) is called Human-perception Auxiliary Defense GAN (HAD-GAN). The TTN is used to extend the texture samples of a clean image and helps classifiers focus on its shape. GAN is utilized to form a training framework for the model and generate the necessary images. A series of experiments conducted on MNIST, Fashion-MNIST and CIFAR10 show that the proposed model outperforms the state-of-the-art defense methods for network robustness. The model also demonstrates a significant improvement on defense capability of adversarial examples.