Compressive Sensing Based Adaptive Defence Against Adversarial Images

TL;DR

This paper introduces a novel adaptive defence algorithm based on compressive sensing that effectively counters adversarial attacks in the frequency domain without prior attack type knowledge, demonstrating superior accuracy and efficiency.

Contribution

The proposed CAD algorithm uniquely addresses frequency domain distortions and adaptively identifies attack types without prior information, enhancing robustness against adversarial attacks.

Findings

Achieves high classification accuracy on MNIST and CIFAR-10

Generates high-quality reconstructed images with lower computation

Effective against five state-of-the-art white box attacks

Abstract

Herein, security of deep neural network against adversarial attack is considered. Existing compressive sensing based defence schemes assume that adversarial perturbations are usually on high frequency components, whereas recently it has been shown that low frequency perturbations are more effective. This paper proposes a novel Compressive sensing based Adaptive Defence (CAD) algorithm which combats distortion in frequency domain instead of time domain. Unlike existing literature, the proposed CAD algorithm does not use information about the type of attack such as l0, l2, l-infinity etc. CAD algorithm uses exponential weight algorithm for exploration and exploitation to identify the type of attack, compressive sampling matching pursuit (CoSaMP) to recover the coefficients in spectral domain, and modified basis pursuit using a novel constraint for l0, l-infinity norm attack. Tight performance bounds for various recovery schemes meant for various attack types are also provided. Experimental results against five state-of-the-art white box attacks on MNIST and CIFAR-10 show that the proposed CAD algorithm achieves excellent classification accuracy and generates good quality reconstructed image with much lower computation