AID-Purifier: A Light Auxiliary Network for Boosting Adversarial Defense

TL;DR

AID-Purifier is a lightweight auxiliary network designed to enhance the robustness of adversarially-trained classifiers by purifying inputs, leveraging information maximization and AVmixup for improved adversarial defense.

Contribution

Introduces AID-Purifier, a novel, computationally efficient auxiliary network that boosts adversarial robustness when combined with existing defenses.

Findings

Enhances robustness of adversarially-trained networks

Compatible with other purification methods like PixelDefend

Competitive performance as a lightweight purification network

Abstract

We propose an AID-purifier that can boost the robustness of adversarially-trained networks by purifying their inputs. AID-purifier is an auxiliary network that works as an add-on to an already trained main classifier. To keep it computationally light, it is trained as a discriminator with a binary cross-entropy loss. To obtain additionally useful information from the adversarial examples, the architecture design is closely related to information maximization principles where two layers of the main classification network are piped to the auxiliary network. To assist the iterative optimization procedure of purification, the auxiliary network is trained with AVmixup. AID-purifier can be used together with other purifiers such as PixelDefend for an extra enhancement. The overall results indicate that the best performing adversarially-trained networks can be enhanced by the best performing purification networks, where AID-purifier is a competitive candidate that is light and robust.