Abstract
Deep Neural Networks (DNNs) are vulnerable to specially designed attacks due to their limited robustness. Abstraction methods can help extract critical features for learning, thereby reducing the disturbance caused by insignificant information. In this paper, we propose a pixelation-based abstraction method to enhance the empirical robustness of DNNs. The method partitions image pixels into superpixels and assigns each an appropriate colour from a continuously updated palette. Two hyperparameters control the abstraction level, allowing for resolution adjustment. Training and evaluation are conducted on pixelated datasets. Extensive experiments across benchmarks and loss landscape analysis demonstrate that our method (i) reduces attack success rates by up to 26.37% while maintaining high accuracy; (ii) exhibits a significant defense against diverse attack methods; and (iii) achieves smoother loss landscapes, underscoring its potential to enhance model robustness.

| Original language | English |
|---|---|
| Pages (from-to) | 1756-1761 |
| Number of pages | 6 |
| Journal | Proceedings of the IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom |
| Issue number | 2024 |
| State | Published - 2024 |
| Event | 23rd IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2024 - Sanya, China Duration: 17 Dec 2024 → 21 Dec 2024 |

Keywords
- Abstraction
- Adversarial Defense
- Image Classification
- Neural Network
- Pixelation
- Robustness