TL;DR
This paper introduces a two-stage defense framework combining natural scene statistics detection and adaptive denoising to improve deep neural network robustness against various adversarial attacks across multiple datasets.
Contribution
It presents a novel two-stage defense method using NSS-based detection and CNN-optimized denoising, which generalizes better than existing defenses against diverse attack types.
Findings
Outperforms state-of-the-art defenses in robustness.
Effective across black-box, gray-box, and white-box attack scenarios.
Validated on MNIST, CIFAR-10, and Tiny-ImageNet datasets.
Abstract
Despite the enormous performance of deep neural networks (DNNs), recent studies have shown their vulnerability to adversarial examples (AEs), i.e., carefully perturbed inputs designed to fool the targeted DNN. Currently, the literature is rich with many effective attacks to craft such AEs. Meanwhile, many defense strategies have been developed to mitigate this vulnerability. However, these have shown their effectiveness only against specific attacks and do not generalize well to different attacks. In this paper, we propose a framework for defending a DNN classifier against adversarial samples. The proposed method is based on a two-stage framework involving a separate detector and a denoising block. The detector aims to detect AEs by characterizing them through the use of natural scene statistics (NSS), where we demonstrate that these statistical features are altered by the presence of…
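The abstract describes the two stages (an NSS-based detector in front of a denoiser) without the page giving the exact features or network. The following is an added, self-contained illustration of that pipeline shape, not code from the paper or its authors. It assumes, as stand-ins, one classic NSS representation (mean-subtracted contrast-normalised, MSCN, coefficients over a 3x3 box window) summarised by its kurtosis, a threshold calibrated on clean images, and a plain 3x3 mean filter in place of the CNN-optimised denoiser. The images, the Gaussian noise model and the FGSM-shaped checkerboard perturbation are all constructed here; the point it demonstrates is that a high-frequency sign perturbation collapses the MSCN distribution towards two modes, which lowers the kurtosis that natural images exhibit, and that gating the denoiser on that detector leaves clean inputs untouched.

```python
import math
import random

R = 1      # 3x3 neighbourhood; real NSS pipelines use a larger Gaussian window (assumption)
C = 1.0    # stabilising constant in the MSCN denominator (assumption)


def local_stats(img, r=R):
    """Per-pixel mean and population std over a (2r+1)^2 box, edges replicated."""
    h, w = len(img), len(img[0])
    mean = [[0.0] * w for _ in range(h)]
    std = [[0.0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            vals = [img[min(max(y + dy, 0), h - 1)][min(max(x + dx, 0), w - 1)]
                    for dy in range(-r, r + 1) for dx in range(-r, r + 1)]
            m = sum(vals) / len(vals)
            mean[y][x] = m
            std[y][x] = math.sqrt(sum((v - m) ** 2 for v in vals) / len(vals))
    return mean, std


def mscn(img):
    """Mean-subtracted contrast-normalised coefficients, the basic NSS representation."""
    mean, std = local_stats(img)
    return [[(img[y][x] - mean[y][x]) / (std[y][x] + C)
             for x in range(len(img[0]))] for y in range(len(img))]


def kurtosis(coeffs):
    """Fourth standardised moment of the coefficients; the single NSS feature used here."""
    flat = [c for row in coeffs for c in row]
    n = len(flat)
    mu = sum(flat) / n
    m2 = sum((c - mu) ** 2 for c in flat) / n
    m4 = sum((c - mu) ** 4 for c in flat) / n
    return m4 / (m2 * m2)


def calibrate_threshold(clean_imgs, frac=0.7):
    """Constructed rule (not the paper's): tau is a fraction of the lowest clean kurtosis."""
    return frac * min(kurtosis(mscn(im)) for im in clean_imgs)


def nss_detect(img, tau):
    """Stage 1: flag inputs whose MSCN kurtosis falls below the clean-calibrated tau."""
    return kurtosis(mscn(img)) < tau


def box_denoise(img):
    """Stage 2 stand-in: a 3x3 mean filter instead of the paper's CNN-optimised denoiser."""
    return local_stats(img)[0]


def defend(img, tau):
    """Two-stage pipeline: detect first, denoise only what the detector flagged."""
    flagged = nss_detect(img, tau)
    return flagged, (box_denoise(img) if flagged else img)


# --- constructed inputs, not data from the paper ---
def make_clean(h=32, w=32, seed=0):
    """Smooth gradient plus Gaussian sensor-like noise (sigma 4 on a 0-255 scale)."""
    rng = random.Random(seed)
    return [[64 + 0.5 * (x + y) + rng.gauss(0, 4) for x in range(w)] for y in range(h)]


def add_adversarial(img, eps=16.0):
    """FGSM-shaped perturbation eps*sign(.), with a checkerboard standing in for the
    gradient sign; eps=16/255 is at the strong end so the statistic shift is obvious."""
    return [[v + eps * (1 if (x + y) % 2 == 0 else -1)
             for x, v in enumerate(row)] for y, row in enumerate(img)]


def rmse(a, b):
    n = len(a) * len(a[0])
    return math.sqrt(sum((a[y][x] - b[y][x]) ** 2
                         for y in range(len(a)) for x in range(len(a[0]))) / n)


if __name__ == "__main__":
    tau = calibrate_threshold([make_clean(seed=s) for s in (1, 2, 3)])
    clean = make_clean(seed=0)
    adv = add_adversarial(clean)
    print(f"tau={tau:.2f}  clean kurtosis={kurtosis(mscn(clean)):.2f}  "
          f"adversarial kurtosis={kurtosis(mscn(adv)):.2f}")
    flagged, out = defend(adv, tau)
    print(f"flagged={flagged}  rmse to clean before={rmse(adv, clean):.2f}  "
          f"after={rmse(out, clean):.2f}")
```

Two caveats a practitioner should carry over from this toy: the threshold is calibrated only on clean data, so any attack that keeps the chosen statistic inside the clean range passes stage 1 unexamined (the abstract's generalisation claim rests on the NSS features, not on this particular kurtosis rule), and a detector gated on a single hand-picked feature is easy to target with an adaptive white-box attacker that adds the feature to its loss.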
