Harmonizing Feature Maps: A Graph Convolutional Approach for Enhancing Adversarial Robustness

TL;DR

This paper introduces FMR-GC, a graph convolution-based module that harmonizes feature maps to improve the robustness of neural networks against adversarial attacks, without sacrificing accuracy.

Contribution

We propose a novel plug-and-play graph convolution module, FMR-GC, that calibrates contaminated features by harmonizing feature maps, enhancing adversarial robustness.

Findings

FMR-GC improves robustness against adversarial attacks.

FMR-GC maintains high accuracy on clean data.

FMR-GC is scalable and compatible with existing training methods.

Abstract

The vulnerability of Deep Neural Networks to adversarial perturbations presents significant security concerns, as the imperceptible perturbations can contaminate the feature space and lead to incorrect predictions. Recent studies have attempted to calibrate contaminated features by either suppressing or over-activating particular channels. Despite these efforts, we claim that adversarial attacks exhibit varying disruption levels across individual channels. Furthermore, we argue that harmonizing feature maps via graph and employing graph convolution can calibrate contaminated features. To this end, we introduce an innovative plug-and-play module called Feature Map-based Reconstructed Graph Convolution (FMR-GC). FMR-GC harmonizes feature maps in the channel dimension to reconstruct the graph, then employs graph convolution to capture neighborhood information, effectively calibrating contaminated features. Extensive experiments have demonstrated the superior performance and scalability of FMR-GC. Moreover, our model can be combined with advanced adversarial training methods to considerably enhance robustness without compromising the model's clean accuracy.