Paper ID | SS-MMSDF-2.12
Paper Title | A NEURO-INSPIRED AUTOENCODING DEFENSE AGAINST ADVERSARIAL ATTACKS
Authors | Can Bakiskan, Metehan Cekic, Ahmet Sezer, Upamanyu Madhow, University of California, Santa Barbara, United States
Session | SS-MMSDF-2: Special Session: AI for Multimedia Security and Deepfake 2
Location | Area A
Session Time | Tuesday, 21 September, 15:30 - 17:00
Presentation Time | Tuesday, 21 September, 15:30 - 17:00
Presentation | Poster
Topic | Special Sessions: Artificial Intelligence for Multimedia Security and Deepfake
Abstract | Deep Neural Networks (DNNs) are vulnerable to adversarial attacks: carefully constructed perturbations to an image can seriously impair classification accuracy, while being imperceptible to humans. The most effective current defense is to train the network using adversarially perturbed examples. In this paper, we investigate a radically different, neuro-inspired defense mechanism, aiming to reject adversarial perturbations before they reach a classifier DNN, using an encoder with characteristics commonly observed in biological vision, followed by a decoder restoring image dimensions that can be cascaded with standard CNN architectures. Unlike adversarial training, all training is based on clean images. Our experiments on the CIFAR-10 and a subset of ImageNet datasets show performance competitive with state-of-the-art adversarial training, and point to the promise of bottom-up neuro-inspired techniques for the design of robust neural networks.