Go to DBLP homepageDeep Learning Defense Method Against Adversarial Attacks
Abstract: Recent research has revealed that the output of Deep Neural Networks (DNN) can be easily altered by adding relatively small perturbations to the input pixels. These pixels have to be filtered out for defending DNN that will cause lots of computations. To reduce the computation, in this paper, the pixels that their slight change will cause the neural network to have a wrong result for prediction are found out and filtered out for defense goal. Experiment results show that our defense method has achieved about 85% defense success rate with filtering out 50 mutation pixels.
Loading