Open AccessAdversarial example defense based on image reconstruction
Author(s) -
Yu Zhang,
Huan Xu,
Chengfei Pei,
Gaoming Yang
Publication year - 2021
Publication title -
peerj. computer science
Language(s) - English
Resource type - Journals
ISSN - 2376-5992
DOI - 10.7717/peerj-cs.811
Subject(s) - mnist database , adversarial system , computer science , artificial intelligence , preprocessor , image (mathematics) , artificial neural network , pixel , classifier (uml) , deep neural networks , pattern recognition (psychology) , machine learning , computer vision
The rapid development of deep neural networks (DNN) has promoted the widespread application of image recognition, natural language processing, and autonomous driving. However, DNN is vulnerable to adversarial examples, such as an input sample with imperceptible perturbation which can easily invalidate the DNN and even deliberately modify the classification results. Therefore, this article proposes a preprocessing defense framework based on image compression reconstruction to achieve adversarial example defense. Firstly, the defense framework performs pixel depth compression on the input image based on the sensitivity of the adversarial example to eliminate adversarial perturbations. Secondly, we use the super-resolution image reconstruction network to restore the image quality and then map the adversarial example to the clean image. Therefore, there is no need to modify the network structure of the classifier model, and it can be easily combined with other defense methods. Finally, we evaluate the algorithm with MNIST, Fashion-MNIST, and CIFAR-10 datasets; the experimental results show that our approach outperforms current techniques in the task of defending against adversarial example attacks.