Adversarial Perturbation Defense Algorithms via Manifold Projections and Denoising
Keywords:
Adversarial Attacks, Manifold Projection, Denoising, Robustness, Deep Learning, FGSM, PGD

Abstract
Adversarial perturbations are a serious challenge to the dependability and robustness of deep neural networks, especially in critical applications such as self-driving cars, healthcare, and cybersecurity. Traditional defenses, such as adversarial training, gradient masking, and input preprocessing, usually either fail to generalize to novel attacks or reduce accuracy on unperturbed inputs. This paper addresses the problem with a novel defense mechanism in which a manifold projection and a denoising autoencoder work in concert to protect the network. The projection maps an attacker-perturbed input onto the low-dimensional subspace occupied by unperturbed data, which removes most of the perturbation; the denoising autoencoder then eliminates the remaining noise while preserving the information the classifier needs. The hybrid defense is evaluated on a plain CNN, ResNet-18, and VGG-16 trained on CIFAR-10 against FGSM, PGD, and DeepFool attacks. The experiments show that the technique improves adversarial robustness by 18%-21% over existing defense methods while keeping clean-data accuracy high.
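The projection stage described above, as an added illustration that is not the paper's own code: clean data is assumed to lie near a low-dimensional linear subspace (learned here with PCA, a stand-in for the paper's manifold model), an FGSM-style signed-gradient step against a hypothetical linear score is applied, and the example measures how much of the perturbation survives projection versus how little projection distorts a clean input. The data, the linear weights, and the epsilon are constructed for the demo; the denoising stage is not modelled.

```python
import numpy as np

def make_clean_data(n=500, d=64, k=4, seed=0):
    """Constructed stand-in for 'clean' inputs: points near a k-dim linear manifold in R^d."""
    rng = np.random.default_rng(seed)
    latent = rng.normal(size=(n, k))
    mixing = rng.normal(size=(k, d))
    return latent @ mixing + 0.01 * rng.normal(size=(n, d))

def fit_subspace(clean, k):
    """PCA: data mean and an orthonormal basis (d, k) of the top-k principal directions."""
    mean = clean.mean(axis=0)
    _, _, vt = np.linalg.svd(clean - mean, full_matrices=False)
    return mean, vt[:k].T

def project(x, mean, basis):
    """Manifold projection: keep only the component of x that lies in the learned subspace."""
    return mean + basis @ (basis.T @ (x - mean))

def fgsm_linear(x, w, eps):
    """FGSM against a hypothetical linear score w.x: one signed-gradient step of size eps."""
    return x + eps * np.sign(w)

def residual_ratio(x_clean, x_adv, mean, basis):
    """Fraction of the perturbation's L2 norm that survives projection (1.0 = no effect)."""
    before = np.linalg.norm(x_adv - x_clean)
    after = np.linalg.norm(project(x_adv, mean, basis) - x_clean)
    return float(after / before)

def clean_distortion(x_clean, mean, basis):
    """Relative change that projection causes on an unperturbed input (should stay small)."""
    delta = np.linalg.norm(project(x_clean, mean, basis) - x_clean)
    return float(delta / np.linalg.norm(x_clean))

def demo():
    clean = make_clean_data()
    mean, basis = fit_subspace(clean, k=4)
    w = np.random.default_rng(1).normal(size=clean.shape[1])  # constructed model weights
    x = clean[0]
    x_adv = fgsm_linear(x, w, eps=0.5)
    return residual_ratio(x, x_adv, mean, basis), clean_distortion(x, mean, basis)

if __name__ == "__main__":
    kept, distortion = demo()
    print(f"perturbation kept after projection: {kept:.2f}, clean distortion: {distortion:.4f}")
```

Only the part of the perturbation that lies inside the learned subspace passes through, which is why a second stage such as the paper's denoiser is needed for whatever residual remains.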