TL;DR
This paper introduces ASD, a spectral decomposition-based defense leveraging DWT to detect and defend against patch and texture adversarial attacks, enhancing robustness in security-critical DNN applications.
Contribution
The paper proposes ASD, a novel spectral analysis method combined with adversarial training, to effectively defend against physically realizable patch and texture adversarial attacks.
Findings
ASD+AT outperforms previous defenses by 21.73% against adaptive attacks.
Spectral analysis captures both high-frequency and low-frequency adversarial perturbations.
The method achieves state-of-the-art robustness in security-critical applications.
Abstract
Adversarial examples present significant challenges to the security of Deep Neural Network (DNN) applications. Specifically, there are patch-based and texture-based attacks that are usually used to craft physical-world adversarial examples, posing real threats to security-critical applications such as person detection in surveillance and autonomous systems, because those attacks are physically realizable. Existing defense mechanisms face challenges in the adaptive attack setting, i.e., the attacks are specifically designed against them. In this paper, we propose Adversarial Spectrum Defense (ASD), a defense mechanism that leverages spectral decomposition via Discrete Wavelet Transform (DWT) to analyze adversarial patterns across multiple frequency scales. The multi-resolution and localization capability of DWT enables ASD to capture both high-frequency (fine-grained) and low-frequency…
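The multi-resolution and localization property the abstract attributes to DWT, shown as an added illustration; it is not code from the paper and does not implement ASD. A pure-Python Haar DWT scans a constructed 32x32 image: the fine-grained "patch" stands out in the level-1 detail bands and the coarser "texture" only at level 3, each with a pixel bounding box. The function names, the median-based threshold `k` and the sample image are assumptions made for this example.

```python
from statistics import median

def haar2d(img):
    """One level of the orthonormal 2D Haar DWT -> (LL, LH, HL, HH), each half-size."""
    h, w = len(img) // 2, len(img[0]) // 2
    LL, LH, HL, HH = ([[0.0] * w for _ in range(h)] for _ in range(4))
    for r in range(h):
        for s in range(w):
            a, b = img[2*r][2*s], img[2*r][2*s + 1]
            c, d = img[2*r + 1][2*s], img[2*r + 1][2*s + 1]
            LL[r][s] = (a + b + c + d) / 2   # local average: input to the next level
            LH[r][s] = (a + b - c - d) / 2   # change between rows
            HL[r][s] = (a - b + c - d) / 2   # change between columns
            HH[r][s] = (a - b - c + d) / 2   # diagonal change
    return LL, LH, HL, HH

def scan(img, levels=3, k=10):
    """Per level: pixel box (top, left, bottom, right) around coefficients whose detail
    energy exceeds k times that level's median energy, or None if nothing stands out."""
    boxes, ll = [], img
    for level in range(1, levels + 1):
        ll, lh, hl, hh = haar2d(ll)
        energy = [[lh[r][s]**2 + hl[r][s]**2 + hh[r][s]**2 for s in range(len(ll[0]))]
                  for r in range(len(ll))]
        thresh = k * median(e for row in energy for e in row)
        hits = [(r, s) for r, row in enumerate(energy) for s, e in enumerate(row) if e > thresh]
        scale = 2 ** level                   # one coefficient covers scale x scale pixels
        boxes.append(None if not hits else (
            min(r for r, _ in hits) * scale, min(s for _, s in hits) * scale,
            (max(r for r, _ in hits) + 1) * scale, (max(s for _, s in hits) + 1) * scale))
    return boxes

def sample_image(n=32, amp=20):
    """Constructed input: smooth ramp + fine 'patch' + coarse 'texture' perturbation."""
    img = [[float(i + j) for j in range(n)] for i in range(n)]
    for i in range(8, 16):                   # 1-pixel checkerboard (high frequency)
        for j in range(16, 24):
            img[i][j] += amp if (i + j) % 2 == 0 else -amp
    for i in range(16, 32):                  # 4x4-pixel blocks (lower frequency)
        for j in range(0, 16):
            img[i][j] += amp if (i // 4 + j // 4) % 2 == 0 else -amp
    return img

if __name__ == "__main__":
    for level, box in enumerate(scan(sample_image()), 1):
        print(f"level {level}: {box}")
```

A single-scale high-pass filter would miss the coarse perturbation entirely; here it only becomes visible after two rounds of low-pass averaging.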
