Attack Agnostic Adversarial Defense via Visual Imperceptible Bound

TL;DR

This paper introduces a novel, attack-agnostic defense method based on a visual imperceptible bound (VIB) that enhances robustness against various adversarial attacks while maintaining accuracy on clean data.

Contribution

It proposes a new defense model utilizing the Visual Imperceptible Bound (VIB) to improve robustness against seen and unseen attacks without attack-specific knowledge.

Findings

Increased robustness against multiple attacks on MNIST, CIFAR-10, and Tiny ImageNet.

Maintains or improves accuracy on clean test sets.

Effective measurement of attack strength using VIB.

Abstract

The high susceptibility of deep learning algorithms against structured and unstructured perturbations has motivated the development of efficient adversarial defense algorithms. However, the lack of generalizability of existing defense algorithms and the high variability in the performance of the attack algorithms for different databases raises several questions on the effectiveness of the defense algorithms. In this research, we aim to design a defense model that is robust within a certain bound against both seen and unseen adversarial attacks. This bound is related to the visual appearance of an image, and we termed it as \textit{Visual Imperceptible Bound (VIB)}. To compute this bound, we propose a novel method that uses the database characteristics. The VIB is further used to measure the effectiveness of attack algorithms. The performance of the proposed defense model is evaluated on the MNIST, CIFAR-10, and Tiny ImageNet databases on multiple attacks that include C\&W ($l_2$) and DeepFool. The proposed defense model is not only able to increase the robustness against several attacks but also retain or improve the classification accuracy on an original clean test set. The proposed algorithm is attack agnostic, i.e. it does not require any knowledge of the attack algorithm.