VectorDefense: Vectorization as a Defense to Adversarial Examples
This addresses the vulnerability of neural networks to adversarial attacks, but it is incremental as it focuses on a specific dataset and transformation method.
The paper tackles the problem of adversarial examples in deep neural networks by using image vectorization as an input transformation to map adversarial examples back to the natural manifold of MNIST handwritten digits, achieving results comparable to state-of-the-art input transformations.
Training deep neural networks on images represented as grids of pixels has brought to light an interesting phenomenon known as adversarial examples. Inspired by how humans reconstruct abstract concepts, we attempt to codify the input bitmap image into a set of compact, interpretable elements to avoid being fooled by the adversarial structures. We take the first step in this direction by experimenting with image vectorization as an input transformation step to map the adversarial examples back into the natural manifold of MNIST handwritten digits. We compare our method vs. state-of-the-art input transformations and further discuss the trade-offs between a hand-designed and a learned transformation defense.