Defense against adversarial attacks on deep convolutional neural networks through nonlocal denoising
Sandhya Aneja, Nagender Aneja, Pg Emeroylariffion Abas, Abdul Ghani Naim

TL;DR
This paper introduces a nonlocal denoising approach with luminance variation to generate adversarial examples, enhancing the robustness of deep neural networks against attacks on datasets like MNIST and CIFAR-10.
Contribution
It presents a data-centric method using luminance-based nonlocal denoising to improve deep learning robustness against adversarial attacks, highlighting the effectiveness of transformed images.
Findings
Up to 9.3% accuracy improvement on MNIST
Up to 13% accuracy improvement on CIFAR-10
Training with higher luminance images increases classifier robustness
Abstract
Despite substantial advances in network architecture performance, the susceptibility to adversarial attacks makes deep learning challenging to implement in safety-critical applications. This paper proposes a data-centric approach to addressing this problem. A nonlocal denoising method with different luminance values has been used to generate adversarial examples from the Modified National Institute of Standards and Technology database (MNIST) and Canadian Institute for Advanced Research (CIFAR-10) data sets. Under perturbation, the method provided absolute accuracy improvements of up to 9.3% in the MNIST data set and 13% in the CIFAR-10 data set. Training using transformed images with higher luminance values increases the robustness of the classifier. We have shown that transfer learning is disadvantageous for adversarial machine learning. The results indicate that simple adversarial…
