Robust Recovery of Adversarial Examples

Published: 21 Jun 2021, Last Modified: 05 May 2023. ICML 2021 Workshop AML Poster.
Keywords: Recovery Adversarial Sample, FGSM, RFGSM, Attention UNet, Self Attention, GAN
TL;DR: A novel architecture and training procedure for robustly recovering adversarial samples and boosting classification accuracy without modifying the classifier.
Abstract: Adversarial examples are semantically associated with one class, but modern deep learning architectures fail to see the semantics and associate them with another class. As a result, these examples pose a profound risk to almost every deep learning model. Our proposed architecture can recover such examples effectively at more than 4x the attack magnitude that the state-of-the-art model can handle, despite having fewer parameters than the VGG-13 model. It is composed of a U-Net with the characteristics of self-attention and cross-attention, which enhances the semantics of the image. Our work also examines the differences in results between the noise reconstruction and image reconstruction methodologies.