Denoised Internal Models: a Brain-Inspired Autoencoder against Adversarial Attacks

TL;DR

This paper introduces Denoised Internal Models (DIM), a brain-inspired autoencoder approach that significantly enhances robustness of deep neural networks against a wide range of adversarial attacks by mimicking human visual processing.

Contribution

The paper presents a novel two-stage autoencoder model inspired by brain mechanisms, improving adversarial robustness beyond current state-of-the-art methods.

Findings

DIM effectively defends against 42 adversarial attacks

DIM outperforms state-of-the-art robustness methods

The model mimics brain visual processing mechanisms

Abstract

Despite its great success, deep learning severely suffers from robustness; that is, deep neural networks are very vulnerable to adversarial attacks, even the simplest ones. Inspired by recent advances in brain science, we propose the Denoised Internal Models (DIM), a novel generative autoencoder-based model to tackle this challenge. Simulating the pipeline in the human brain for visual signal processing, DIM adopts a two-stage approach. In the first stage, DIM uses a denoiser to reduce the noise and the dimensions of inputs, reflecting the information pre-processing in the thalamus. Inspired from the sparse coding of memory-related traces in the primary visual cortex, the second stage produces a set of internal models, one for each category. We evaluate DIM over 42 adversarial attacks, showing that DIM effectively defenses against all the attacks and outperforms the SOTA on the overall robustness.