Defense against adversarial attacks on deep convolutional neural networks through nonlocal denoising: a data-centric approach

Sandhya Aneja, Nagender Aneja, Pg Emeroylariffion Abas, Abdul Ghani Naim

Abstract


Despite substantial advancements in network architecture performance, susceptibility to adversarial attacks makes deep learning difficult to implement in safety-critical applications. This paper proposes a data-centric approach to addressing this problem. A nonlocal denoising method with different luminance values has been used to generate adversarial examples from the MNIST and CIFAR-10 data sets. Under perturbation, the method provided absolute accuracy improvements of up to 9.3% in the MNIST data set and 13% in the CIFAR-10 data set. Training using transformed images with higher luminance values increases the robustness of the classifier. We have shown that transfer learning is disadvantageous for adversarial machine learning. The results indicate that simple adversarial examples can improve resilience and make deep learning easier to apply in various applications.


Keywords


Adversarial attack; Convolutional neural network; Denoising; Machine learning; Perturbation



DOI: http://doi.org/10.11591/ijai.v11.i3.pp%25p

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.