TY - GEN
T1 - MAEDefense
T2 - 2023 Asia Pacific Signal and Information Processing Association Annual Summit and Conference, APSIPA ASC 2023
AU - Lyu, Wanli
AU - Wu, Mengjiang
AU - Yin, Zhaoxia
AU - Luo, Bin
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Recent studies have demonstrated that deep neural networks (DNNs) are vulnerable to attacks when adversarial perturbations are added to the clean samples. Reconstructing clean samples under the premise of inputting adversarial perturbations is a challenging task. To address this issue, this paper proposes a Mask AutoEncoder Defense (MAEDefense) framework to counter adversarial attacks. Firstly, the adversarial sample is divided into two complementary masked images. Secondly, the two masked images with carefully crafted adversarial noise locations are reassigned to non-adversarial noise locations. Finally, the two reconstructed images are pixel-wise fused (weighted average) to obtain a “clean image”. The proposed method requires no external training and is easy to implement. Experimental results show that the proposed method significantly defends against white-box attacks and black-box transferable attacks compared with state-of-the-art methods.
AB - Recent studies have demonstrated that deep neural networks (DNNs) are vulnerable to attacks when adversarial perturbations are added to the clean samples. Reconstructing clean samples under the premise of inputting adversarial perturbations is a challenging task. To address this issue, this paper proposes a Mask AutoEncoder Defense (MAEDefense) framework to counter adversarial attacks. Firstly, the adversarial sample is divided into two complementary masked images. Secondly, the two masked images with carefully crafted adversarial noise locations are reassigned to non-adversarial noise locations. Finally, the two reconstructed images are pixel-wise fused (weighted average) to obtain a “clean image”. The proposed method requires no external training and is easy to implement. Experimental results show that the proposed method significantly defends against white-box attacks and black-box transferable attacks compared with state-of-the-art methods.
UR - https://www.scopus.com/pages/publications/85180009312
U2 - 10.1109/APSIPAASC58517.2023.10317132
DO - 10.1109/APSIPAASC58517.2023.10317132
M3 - Conference contribution
AN - SCOPUS:85180009312
T3 - 2023 Asia Pacific Signal and Information Processing Association Annual Summit and Conference, APSIPA ASC 2023
SP - 1915
EP - 1922
BT - 2023 Asia Pacific Signal and Information Processing Association Annual Summit and Conference, APSIPA ASC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 31 October 2023 through 3 November 2023
ER -