Improving Robustness with Image Filtering
Matteo Terzi, Mattia Carletti, Gian Antonio Susto

TL;DR
This paper introduces a novel image filtering approach called Image-Graph Extractor (IGE) and a defense method that enhances robustness against adversarial attacks without relying on costly adversarial training, validated on multiple datasets.
Contribution
The paper presents IGE, a new graph-based image filtering scheme, and a defense method that improves robustness by preventing pixel entanglement, with effective data augmentation strategies.
Findings
IGE effectively extracts fundamental image structures.
Filtering as a Defense improves adversarial robustness.
Data augmentation with filtered images enhances model resilience.
Abstract
Adversarial robustness is one of the most challenging problems in Deep Learning and Computer Vision research. All the state-of-the-art techniques require a time-consuming procedure that creates cleverly perturbed images. Due to its cost, many solutions have been proposed to avoid Adversarial Training. However, all these attempts proved ineffective as the attacker manages to exploit spurious correlations among pixels to trigger brittle features implicitly learned by the model. This paper first introduces a new image filtering scheme called Image-Graph Extractor (IGE) that extracts the fundamental nodes of an image and their connections through a graph structure. By leveraging the IGE representation, we build a new defense method, Filtering As a Defense, that does not allow the attacker to entangle pixels to create malicious patterns. Moreover, we show that data augmentation with filtered…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
