RGN-Defense: erasing adversarial perturbations using deep residual generative network

摘要

In recent years, deep neural networks have achieved great success in various fields, especially in computer vision. However, recent investigations have shown that current state-of-the-art classification models are highly vulnerable to adversarial perturbations contained in the input examples. Therefore, we propose a defense methodology against the adversarial perturbations. Prior to a targeted network, adversarial perturbations are erased or mitigated via a deep residual generative network (RGN). Through adopting an auxiliary network VGG-19, the RGN is trained toward optimization of a joint loss, including low-level pixel loss, middle-level texture loss, and high-level task loss, thereby the restored examples are highly consistent with the original legitimate examples. We call our proposed defense based on RGN as RGN-Defense. It is an independent defense module that can be flexibly integrated with other defense strategy, for example, adversarial training, to construct a more powerful defense system. In the experiment, we evaluate our approach on ImageNet, and the comprehensive results have demonstrated robustness of RGN-Defense against current representative attacks. (C) 2019 SPIE and IS&T