Versatile Defense Against Adversarial Attacks on Image Recognition
Haibo Zhang, Zhihua Yao, Kouichi Sakurai

TL;DR
This paper introduces a single, versatile image-to-image translation model that effectively defends against various adversarial attacks, significantly improving classification accuracy and outperforming attack-specific defenses.
Contribution
The paper proposes a unified defense model based on image-to-image translation that resists multiple adversarial attacks with one training process, reducing resource costs.
Findings
Classification accuracy improved to 86% on average.
Outperforms attack-specific defense models on PGD and MI-FGSM attacks.
Maintains robustness across different attack strengths.
Abstract
Adversarial attacks present a significant security risk to image recognition tasks. Defending against these attacks in a real-life setting can be compared to the way antivirus software works, with a key consideration being how well the defense can adapt to new and evolving attacks. Another important factor is the resources involved in terms of time and cost for training defense models and updating the model database. Training many models that are specific to each type of attack can be time-consuming and expensive. Ideally, we should be able to train one single model that can handle a wide range of attacks. It appears that a defense method based on image-to-image translation may be capable of this. The proposed versatile defense approach in this paper only requires training one model to effectively resist various unknown adversarial attacks. The trained model has successfully improved…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
