Unsupervised Adversarial Defense through Tandem Deep Image Priors

Unsupervised Adversarial Defense through Tandem Deep Image Priors

Deep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provi...

Full description

Bibliographic Details
Main Authors: Yu Shi, Cien Fan, Lian Zou, Caixia Sun, Yifeng Liu
Format: Article
Language:English
Published: MDPI AG 2020-11-01
Series:Electronics
Subjects:
adversarial example
deep learning
image restoration
unsupervised learning
Online Access:https://www.mdpi.com/2079-9292/9/11/1957
id doaj-db0613431e4c4824887b91afb29114e2
record_format Article
spelling doaj-db0613431e4c4824887b91afb29114e22020-11-25T04:01:29ZengMDPI AGElectronics2079-92922020-11-0191957195710.3390/electronics9111957Unsupervised Adversarial Defense through Tandem Deep Image PriorsYu Shi0Cien Fan1Lian Zou2Caixia Sun3Yifeng Liu4School of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaSchool of Electronic Information, Wuhan University, Wuhan 430072, ChinaNational Engineering Laboratory for Public Safety Risk Perception and Control by Big Data (NEL-PSRPC), Beijing 100041, ChinaDeep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provide robustness against adversarial attacks. We show that the unsupervised image restoration framework, deep image prior, can effectively eliminate the influence of adversarial perturbations. The proposed method uses multiple deep image prior networks called tandem deep image priors to recover the original image from adversarial example. Tandem deep image priors contain two deep image prior networks. The first network captures the main information of images and the second network recovers original image based on the prior information provided by the first network. The proposed method reduces the number of iterations originally required by deep image prior network and does not require adjusting the classifier or pre-training. It can be combined with other defensive methods. Our experiments show that the proposed method surprisingly achieves higher classification accuracy on ImageNet against a wide variety of adversarial attacks than previous state-of-the-art defense methods.https://www.mdpi.com/2079-9292/9/11/1957adversarial exampledeep learningimage restorationunsupervised learning
collection DOAJ
language English
format Article
sources DOAJ
author Yu Shi
Cien Fan
Lian Zou
Caixia Sun
Yifeng Liu
spellingShingle Yu Shi
Cien Fan
Lian Zou
Caixia Sun
Yifeng Liu
Unsupervised Adversarial Defense through Tandem Deep Image Priors
Electronics
adversarial example
deep learning
image restoration
unsupervised learning
author_facet Yu Shi
Cien Fan
Lian Zou
Caixia Sun
Yifeng Liu
author_sort Yu Shi
title Unsupervised Adversarial Defense through Tandem Deep Image Priors
title_short Unsupervised Adversarial Defense through Tandem Deep Image Priors
title_full Unsupervised Adversarial Defense through Tandem Deep Image Priors
title_fullStr Unsupervised Adversarial Defense through Tandem Deep Image Priors
title_full_unstemmed Unsupervised Adversarial Defense through Tandem Deep Image Priors
title_sort unsupervised adversarial defense through tandem deep image priors
publisher MDPI AG
series Electronics
issn 2079-9292
publishDate 2020-11-01
description Deep neural networks are vulnerable to the adversarial example synthesized by adding imperceptible perturbations to the original image but can fool the classifier to provide wrong prediction outputs. This paper proposes an image restoration approach which provides a strong defense mechanism to provide robustness against adversarial attacks. We show that the unsupervised image restoration framework, deep image prior, can effectively eliminate the influence of adversarial perturbations. The proposed method uses multiple deep image prior networks called tandem deep image priors to recover the original image from adversarial example. Tandem deep image priors contain two deep image prior networks. The first network captures the main information of images and the second network recovers original image based on the prior information provided by the first network. The proposed method reduces the number of iterations originally required by deep image prior network and does not require adjusting the classifier or pre-training. It can be combined with other defensive methods. Our experiments show that the proposed method surprisingly achieves higher classification accuracy on ImageNet against a wide variety of adversarial attacks than previous state-of-the-art defense methods.
topic adversarial example
deep learning
image restoration
unsupervised learning
url https://www.mdpi.com/2079-9292/9/11/1957
work_keys_str_mv AT yushi unsupervisedadversarialdefensethroughtandemdeepimagepriors
AT cienfan unsupervisedadversarialdefensethroughtandemdeepimagepriors
AT lianzou unsupervisedadversarialdefensethroughtandemdeepimagepriors
AT caixiasun unsupervisedadversarialdefensethroughtandemdeepimagepriors
AT yifengliu unsupervisedadversarialdefensethroughtandemdeepimagepriors
_version_ 1724446735754854400

Similar Items