Adversarial Defense by Stratified Convolutional Sparse Coding
This addresses the problem of adversarial vulnerabilities in neural networks for AI security applications, representing a strong specific gain rather than a foundational breakthrough.
The paper tackles adversarial attacks on neural networks by proposing a defense method based on convolutional sparse coding, achieving state-of-the-art performance among attack-agnostic defenses with robustness to factors like input resolution and perturbation scale.
We propose an adversarial defense method that achieves state-of-the-art performance among attack-agnostic adversarial defense methods while also maintaining robustness to input resolution, scale of adversarial perturbation, and scale of dataset size. Based on convolutional sparse coding, we construct a stratified low-dimensional quasi-natural image space that faithfully approximates the natural image space while also removing adversarial perturbations. We introduce a novel Sparse Transformation Layer (STL) in between the input image and the first layer of the neural network to efficiently project images into our quasi-natural image space. Our experiments show state-of-the-art performance of our method compared to other attack-agnostic adversarial defense methods in various adversarial settings.