Embracing Adaptation: An Effective Dynamic Defense Strategy Against Adversarial Examples
Abstract: Existing defense methods against adversarial examples are static, meaning that they remain unchanged once trained, regardless of changes in the attack. Consequently, static defense methods are highly vulnerable to adaptive attacks. We contend that in order to defend against more powerful attacks, the model should continuously adapt to cope with various attack methods. We propose a novel dynamic defense approach that optimizes the input by generating pseudo-labels. Subsequently, it utilizes information maximization and enhanced average prediction as optimization objectives, followed by hierarchical optimization methods to effectively counteract adversarial examples through model parameter optimization. Importantly, our approach is implemented during the inference phase and does not necessitate model retraining. It can be readily applied to existing adversarially trained models, significantly enhancing the robustness of various models against white-box, black-box, and adaptive attacks across diverse datasets. We have conducted extensive experiments to validate the state-of-the-art of our proposed method.
Relevance To Conference: This research enhances the robustness of image-based models in multimedia processing by proposing a dynamic defense approach against adversarial attacks. Adversarial attacks involve introducing slight perturbations to images, which can mislead models and compromise their performance in tasks like object recognition and visual sentiment analysis. The novel approach continuously adapts to various attack methods without requiring model retraining, making it particularly suitable for real-time multimedia applications. By generating pseudo-labels and employing optimization objectives like information maximization, the method effectively counters adversarial examples, ensuring the reliability and integrity of image-based analyses. This adaptability is crucial for maintaining model performance in the face of evolving threats, and the applicability to existing adversarially trained models allows for seamless integration into current multimedia processing systems.
Supplementary Material: zip
Primary Subject Area: [Content] Vision and Language
Submission Number: 1106
Loading