An Extension of Encryption-Inspired Adversarial Defense with Secret Keys against Adversarial Examples
Abstract: Recently, encryption-inspired block-wise image transformation with a secret key was proposed to defend against adversarial examples. The adversarial defense was also demonstrated to outperform state-of-the-art defenses. In this work, we first extend the block-wise image transformation to increase its key space by using additional transformation steps. Moreover, the extended defense is extensively evaluated in terms of robustness against various attacks under a number of metrics. We also conduct adaptive attacks with key estimation. In an experiment, the extended defense is confirmed not only to increase the key space, but also to improve the performance accuracy, while maintaining the overall accuracy close to that of a non-robust model. The evaluation results also suggest that the extended defense is robust against both non-adaptive and adaptive attacks as long as its keys are secret. Furthermore, the extended defense is confirmed to outperform state-of-the-art adversarial defenses with the noise distance of 8/255 on the CIFAR-10 dataset.