Defensive denoising methods against adversarial attack
Abstract: Deep neural networks are highly vulnerable to adversarial examples. An adversarial example is an image with small perturbation designed to make the networks missclassify it. In this paper, we propose two defensive methods. First, we use denoising methods using ROF model and NL-means model before classification to remove adversarial noise. Second, we perturb images in certain directions to escape from the adversarial area. Experiments on the universal adversarial perturbations(UAP) show that proposed methods can remove adversarial noise and perform better classification.
Keywords: Deep Learning, Adversarial attack
3 Replies
Loading