TY - GEN
T1 - LFGN
T2 - 31st IEEE International Conference on Image Processing, ICIP 2024
AU - Hsu, Chih Chung
AU - Wu, Ming Hsuan
AU - Liu, En Chao
N1 - Publisher Copyright:
© 2024 IEEE
PY - 2024
Y1 - 2024
N2 - Adversarial attacks cause deep learning models to fail, which presents a significant challenge in the field. Consequently, the development of adversarial defense techniques has become crucial. Current defense strategies struggle to effectively address adversarial attacks, making a robust defense strategy highly desirable. State-of-the-art adversarial defense schemes mainly rely on adversarial training, which requires massive computational resources. Another strategy, the transform-based approach, is a faster and more efficient way for robust model design. The current state-of-the-art method, Deep-image-prior-based (DIP), requires online training, making fast inference impossible. This paper proposes a novel learning pipeline incorporating conventional low-level features as the transform for fast inference and achieving state-of-the-art performance for adversarial defense. First, we discover the feature transformation for reducing the impact of adversarial attacks since it is hard to approximate using gradients. Conventional low-level feature extraction, such as local binary and ternary patterns, perfectly fits this requirement, allowing us to combine moderate deep neural networks with traditional low-level features for adversarial defense, which could easily be extended to existing defense methods. We conduct comprehensive experiments and analyses to demonstrate the superiority of the proposed adversarial defense scheme and achieve the best trade-off between performance and efficiency in real-world defense scenarios.
AB - Adversarial attacks cause deep learning models to fail, which presents a significant challenge in the field. Consequently, the development of adversarial defense techniques has become crucial. Current defense strategies struggle to effectively address adversarial attacks, making a robust defense strategy highly desirable. State-of-the-art adversarial defense schemes mainly rely on adversarial training, which requires massive computational resources. Another strategy, the transform-based approach, is a faster and more efficient way for robust model design. The current state-of-the-art method, Deep-image-prior-based (DIP), requires online training, making fast inference impossible. This paper proposes a novel learning pipeline incorporating conventional low-level features as the transform for fast inference and achieving state-of-the-art performance for adversarial defense. First, we discover the feature transformation for reducing the impact of adversarial attacks since it is hard to approximate using gradients. Conventional low-level feature extraction, such as local binary and ternary patterns, perfectly fits this requirement, allowing us to combine moderate deep neural networks with traditional low-level features for adversarial defense, which could easily be extended to existing defense methods. We conduct comprehensive experiments and analyses to demonstrate the superiority of the proposed adversarial defense scheme and achieve the best trade-off between performance and efficiency in real-world defense scenarios.
UR - https://www.scopus.com/pages/publications/85216890787
UR - https://www.scopus.com/pages/publications/85216890787#tab=citedBy
U2 - 10.1109/ICIP51287.2024.10647385
DO - 10.1109/ICIP51287.2024.10647385
M3 - Conference contribution
AN - SCOPUS:85216890787
T3 - Proceedings - International Conference on Image Processing, ICIP
SP - 563
EP - 567
BT - 2024 IEEE International Conference on Image Processing, ICIP 2024 - Proceedings
PB - IEEE Computer Society
Y2 - 27 October 2024 through 30 October 2024
ER -