Corrupting Data to Remove Deceptive Perturbation: Using Preprocessing Method to Improve System Robustness
Hieu Le, Hans Walker, Dung Tran, Peter Chin
TL;DR
This paper proposes a preprocessing method that corrupts and then recovers images to enhance neural network robustness against deceptive perturbations, demonstrating improved classification performance.
Contribution
Introducing a novel preprocessing approach using a SARGAN-based recovery process to improve neural network robustness against adversarial noise.
Findings
SARGAN can effectively denoise corrupted images.
The method improves classification accuracy on adversarially perturbed images.
Preprocessing enhances robustness of naturally trained networks.
Abstract
Although deep neural networks have achieved great performance on classification tasks, recent studies showed that well trained networks can be fooled by adding subtle noises. This paper introduces a new approach to improve neural network robustness by applying the recovery process on top of the naturally trained classifier. In this approach, images will be intentionally corrupted by some significant operator and then be recovered before passing through the classifiers. SARGAN -- an extension on Generative Adversarial Networks (GAN) is capable of denoising radar signals. This paper will show that SARGAN can also recover corrupted images by removing the adversarial effects. Our results show that this approach does improve the performance of naturally trained networks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Digital Media Forensic Detection