VQUNet: Vector Quantization U-Net for Defending Adversarial Atacks by Regularizing Unwanted Noise

TL;DR

This paper introduces VQUNet, a novel vector quantization-based U-Net model that effectively defends against adversarial attacks by reducing noise and reconstructing data, improving robustness with minimal accuracy loss.

Contribution

VQUNet employs a discrete latent space and multi-scale structure to enhance adversarial noise reduction and data reconstruction, outperforming existing methods.

Findings

VQUNet improves robustness against adversarial attacks on Fashion-MNIST and CIFAR10.

The method causes less than 1% accuracy degradation without attacks.

It outperforms state-of-the-art noise-reduction defenses.

Abstract

Deep Neural Networks (DNN) have become a promising paradigm when developing Artificial Intelligence (AI) and Machine Learning (ML) applications. However, DNN applications are vulnerable to fake data that are crafted with adversarial attack algorithms. Under adversarial attacks, the prediction accuracy of DNN applications suffers, making them unreliable. In order to defend against adversarial attacks, we introduce a novel noise-reduction procedure, Vector Quantization U-Net (VQUNet), to reduce adversarial noise and reconstruct data with high fidelity. VQUNet features a discrete latent representation learning through a multi-scale hierarchical structure for both noise reduction and data reconstruction. The empirical experiments show that the proposed VQUNet provides better robustness to the target DNN models, and it outperforms other state-of-the-art noise-reduction-based defense methods under various adversarial attacks for both Fashion-MNIST and CIFAR10 datasets. When there is no adversarial attack, the defense method has less than 1% accuracy degradation for both datasets.