Salient Feature Extractor for Adversarial Defense on Deep Neural Networks

TL;DR

This paper introduces a novel salient feature extractor (SFE) that uses coupled GANs to detect and defend against adversarial attacks in deep neural networks by distinguishing class-related features from misleading ones, achieving state-of-the-art results.

Contribution

The paper proposes a new SFE method that leverages coupled GANs to extract and compare salient and trivial features for adversarial detection and defense, providing interpretability and improved performance.

Findings

SFE outperforms baseline methods on MNIST, CIFAR-10, and ImageNet datasets.

The method effectively detects adversarial examples by comparing salient and trivial features.

SFE offers an interpretable approach to understanding adversarial defense mechanisms.

Abstract

Recent years have witnessed unprecedented success achieved by deep learning models in the field of computer vision. However, their vulnerability towards carefully crafted adversarial examples has also attracted the increasing attention of researchers. Motivated by the observation that adversarial examples are due to the non-robust feature learned from the original dataset by models, we propose the concepts of salient feature(SF) and trivial feature(TF). The former represents the class-related feature, while the latter is usually adopted to mislead the model. We extract these two features with coupled generative adversarial network model and put forward a novel detection and defense method named salient feature extractor (SFE) to defend against adversarial attacks. Concretely, detection is realized by separating and comparing the difference between SF and TF of the input. At the same time, correct labels are obtained by re-identifying SF to reach the purpose of defense. Extensive experiments are carried out on MNIST, CIFAR-10, and ImageNet datasets where SFE shows state-of-the-art results in effectiveness and efficiency compared with baselines. Furthermore, we provide an interpretable understanding of the defense and detection process.