Efficient Preemptive Robustification with Image Sharpening

TL;DR

This paper introduces a novel, simple image sharpening technique that enhances neural network robustness against adversarial attacks without complex optimization or additional training, making it efficient and interpretable.

Contribution

The paper presents the first surrogate-free, optimization-free, generator-free, and human-interpretable robustification method using image sharpening to improve neural network robustness.

Findings

Sharpening significantly improves robustness in transfer scenarios.

The method requires low computational resources.

It outperforms some existing defenses in efficiency and effectiveness.

Abstract

Despite their great success, deep neural networks rely on high-dimensional, non-robust representations, making them vulnerable to imperceptible perturbations, even in transfer scenarios. To address this, both training-time defenses (e.g., adversarial training and robust architecture design) and post-attack defenses (e.g., input purification and adversarial detection) have been extensively studied. Recently, a limited body of work has preliminarily explored a pre-attack defense paradigm, termed preemptive robustification, which introduces subtle modifications to benign samples prior to attack to proactively resist adversarial perturbations. Unfortunately, their practical applicability remains questionable due to several limitations, including (1) reliance on well-trained classifiers as surrogates to provide robustness priors, (2) substantial computational overhead arising from iterative optimization or trained generators for robustification, and (3) limited interpretability of the optimization- or generation-based robustification processes. Inspired by recent studies revealing a positive correlation between texture intensity and the robustness of benign samples, we show that image sharpening alone can efficiently robustify images. To the best of our knowledge, this is the first surrogate-free, optimization-free, generator-free, and human-interpretable robustification approach. Extensive experiments demonstrate that sharpening yields remarkable robustness gains with low computational cost, especially in transfer scenarios.