Restoration as a Defense Against Adversarial Perturbations for Spam Image Detection

摘要

Spam image detection is essential for protecting the security and privacy of Internet users and saving network resources. However, we observe a spam image detection system might be out of order due to adversarial perturbations, which can force a classification model to misclassify the input images. To defend against adversarial perturbations, previous researches disorganize the perturbations with fundamental image processing techniques, which shows limited success. Instead, we apply image restoration as a defense, which focuses on restoring the perturbed adversarial images to their original versions. The restoration is achieved by a lightweight preprocessing network, which takes the adversarial images as input and outputs their restored versions for classification. The further evaluation results demonstrate that our defense significantly improves the performance of classification models, requires little cost and outperforms other representative defenses.