Robust and Efficient Interference Neural Networks for Defending Against Adversarial Attacks in ImageNet

TL;DR

This paper introduces a novel interference neural network method that enhances robustness against adversarial attacks on ImageNet, using background images and labels with pre-trained ResNet-152 to reduce computational costs.

Contribution

The paper proposes a new interference neural network approach that improves adversarial defense efficiency and effectiveness on ImageNet, surpassing state-of-the-art results with less computation.

Findings

Outperforms state-of-the-art defenses under PGD attack

Requires significantly fewer computational resources

Provides a practical approach for robust image recognition

Abstract

The existence of adversarial images has seriously affected the task of image recognition and practical application of deep learning, it is also a key scientific problem that deep learning urgently needs to solve. By far the most effective approach is to train the neural network with a large number of adversarial examples. However, this adversarial training method requires a huge amount of computing resources when applied to ImageNet, and has not yet achieved satisfactory results for high-intensity adversarial attacks. In this paper, we construct an interference neural network by applying additional background images and corresponding labels, and use pre-trained ResNet-152 to efficiently complete the training. Compared with the state-of-the-art results under the PGD attack, it has a better defense effect with much smaller computing resources. This work provides new ideas for academic research and practical applications of effective defense against adversarial attacks.