TY - GEN
T1 - A Feature Guided Denoising Network For Adversarial Defense
AU - Li, Jinhui
AU - Xu, Dahao
AU - Qin, Yining
AU - Deng, Xinyang
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - As neural networks are playing a more and more significant role in many fields, they are also under the risk of being attacked by adversarial examples, which becomes a great challenge to the whole community. Due to this problem, networks cannot provide the guaranteed security when they are used in some security-sensitive scenarios. In this paper, a feature guided denoising network for adversarial defense is studied. Specifically, a denoising network is designed to remove possible adversarial perturbations on the input image. and a novel training method of the denoising network is proposed to improve the performance, in which deep features extracted from clean examples by the pretrained classifier is used as supervision information in the training process. Experimental results reveal that the proposed method shows satisfactory performance on defending against several white-box adversarial attacks. Besides, combination of the proposed method and adversarial training is studied, which achieves very good results compared to the other experiments reported in this paper.
AB - As neural networks are playing a more and more significant role in many fields, they are also under the risk of being attacked by adversarial examples, which becomes a great challenge to the whole community. Due to this problem, networks cannot provide the guaranteed security when they are used in some security-sensitive scenarios. In this paper, a feature guided denoising network for adversarial defense is studied. Specifically, a denoising network is designed to remove possible adversarial perturbations on the input image. and a novel training method of the denoising network is proposed to improve the performance, in which deep features extracted from clean examples by the pretrained classifier is used as supervision information in the training process. Experimental results reveal that the proposed method shows satisfactory performance on defending against several white-box adversarial attacks. Besides, combination of the proposed method and adversarial training is studied, which achieves very good results compared to the other experiments reported in this paper.
KW - adversarial defense
KW - adversarial examples
KW - image denoising
KW - infrared image
UR - http://www.scopus.com/inward/record.url?scp=85146490419&partnerID=8YFLogxK
U2 - 10.1109/ICUS55513.2022.9986817
DO - 10.1109/ICUS55513.2022.9986817
M3 - 会议稿件
AN - SCOPUS:85146490419
T3 - Proceedings of 2022 IEEE International Conference on Unmanned Systems, ICUS 2022
SP - 393
EP - 398
BT - Proceedings of 2022 IEEE International Conference on Unmanned Systems, ICUS 2022
A2 - Song, Rong
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE International Conference on Unmanned Systems, ICUS 2022
Y2 - 28 October 2022 through 30 October 2022
ER -