Adversarial Example Defense via Perturbation Grading Strategy
Shaowei Zhu, Wanli Lyu, Bin Li, Zhaoxia Yin, Bin Luo

TL;DR
This paper introduces a perturbation grading strategy that assigns different defense tactics to adversarial examples based on their perturbation strength, enhancing robustness without altering the original model.
Contribution
It proposes a novel perturbation grading approach that improves adversarial defense effectiveness and reduces deployment costs by serving as a preprocessing step.
Findings
Effective defense against various adversarial perturbations
Improves robustness without modifying the original model
Reduces deployment cost in practical applications
Abstract
Deep Neural Networks (DNNs) have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples: inputs carrying tiny perturbations that greatly mislead the judgment of a DNN. Furthermore, even if malicious attackers cannot obtain the underlying model parameters, they can still use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing them or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations and have limited effect against adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
