Black-Box Adversarial Defense Based on Image Decomposition and Reconstruction

Published: 2025, Last Modified: 08 Jan 2026. IEEE Trans. Multim. 2025. CC BY-SA 4.0
Abstract: Adversarial attacks have recently challenged the security of deep neural networks (DNNs). The most prominent adversarial attack methods include backdoor attacks, adversarial examples, etc. These attack methods inject triggers or perturbations into images, leading to extremely dangerous security vulnerabilities in the deep learning domain. The various forms of adversarial attacks can contaminate DNNs with their distinct characteristics. The complexity of adversarial attacks poses a great challenge to designing a general defense strategy. In this paper, we propose a novel defense method against most adversarial attacks through Image Decomposition and Reconstruction (IDR). Our method can be applied to poisoned images without the need for internal information about the model or any prior knowledge of the clean/poisoned images. We apply a linear transformation to the poisoned image to destroy the perturbations or triggers and deploy a pre-trained diffusion model to reconstruct the original information. In particular, we propose a novel reverse process that utilizes the consistency of range-null space decomposition to guide the generation of purified images. The decomposition of the range-null space can guarantee the retrieval of image information, which enhances the robustness of our method and contributes to the reliable purification of poisoned images. We assess the effectiveness of our proposed IDR against various prevalent backdoor attacks, adversarial examples and Image-Scaling attack methods. The experimental results highlight the outstanding defensive capabilities of our proposed IDR, demonstrating an exceptionally high defense success rate.
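The range-null space consistency the abstract relies on can be checked numerically with the standard identity x_hat = A^+ y + (I - A^+ A) x_est. The following is an added example, not code from the paper: the choice of A (2x2 block averaging), the checkerboard perturbation and the random stand-in for the diffusion model's estimate are all assumptions, since the abstract does not specify them.

```python
import random

K = 2  # assumed block size; the abstract does not name the linear transform

def A(x):
    """Assumed linear transform A: K x K block averaging."""
    return [[sum(x[i + a][j + b] for a in range(K) for b in range(K)) / (K * K)
             for j in range(0, len(x[0]), K)]
            for i in range(0, len(x), K)]

def A_pinv(y):
    """Pseudo-inverse A^+ of block averaging: copy each value over its block."""
    return [[y[i // K][j // K] for j in range(len(y[0]) * K)]
            for i in range(len(y) * K)]

def combine(a, b, sign=1.0):
    """Element-wise a + sign * b."""
    return [[p + sign * q for p, q in zip(ra, rb)] for ra, rb in zip(a, b)]

def max_abs_diff(a, b):
    return max(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb))

def range_null_fuse(y, x_est):
    """x_hat = A^+ y + (I - A^+ A) x_est, so that A x_hat = y for any x_est."""
    null_part = combine(x_est, A_pinv(A(x_est)), sign=-1.0)
    return combine(A_pinv(y), null_part)

def demo(seed=0, n=8):
    rng = random.Random(seed)
    clean = [[rng.random() for _ in range(n)] for _ in range(n)]  # constructed image
    # Constructed perturbation: +/-0.05 checkerboard, zero mean in every block,
    # i.e. it lies entirely in the null space of this particular A.
    poisoned = [[clean[i][j] + (0.05 if (i + j) % 2 == 0 else -0.05)
                 for j in range(n)] for i in range(n)]
    y = A(poisoned)
    # Stand-in for the generative model's current estimate (random, hypothetical).
    x_est = [[rng.random() for _ in range(n)] for _ in range(n)]
    x_hat = range_null_fuse(y, x_est)
    return {
        "consistency": max_abs_diff(A(x_hat), y),        # A x_hat = y
        "perturbation_left": max_abs_diff(y, A(clean)),  # removed by A
        "detail_added": max_abs_diff(x_hat, A_pinv(y)),  # null-space content
    }

if __name__ == "__main__":
    print(demo())
```

The measurement y constrains only the range-space part of the output, so whatever generates x_est is free to fill in detail without breaking A x_hat = y. A perturbation with a component in the range of A would survive in y, which is why the choice of transform matters for the defense.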