Defense Against Adversarial Attacks with Efficient Frequency-Adaptive Compression and Reconstruction

Zhonghan Niu; Yu-Bin Yang

Defense Against Adversarial Attacks with Efficient Frequency-Adaptive Compression and Reconstruction

Zhonghan Niu, Yu-Bin Yang

Published: 01 Jan 2023, Last Modified: 11 Nov 2024Pattern Recognit. 2023EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: Highlights•This paper systematically analyzes the robustness of elimination-based defense under closed-set and open-set attacks. Experimental results show that the residual perturbations can exhibit attacking effects as strong as full perturbations.•This paper reveals that it is essential to improve the robustness by breaking the correlation between perturbations and legitimate information, together with compressing the attachment space of perturbations.•This paper proposes an efficient defense strategy, Frequency-Adaptive Compression and rEconstruction (FACE), to mitigate attacking effects.•Extensive experimental results demonstrate that the proposed method achieves a 27.9% improvement in robust accuracy on ImageNet over elimination-based defense methods, and reduces TASR and FPR under closed-set and open-set attacks.

Loading