Robustness Of Saak Transform Against Adversarial Attacks
This work addresses the vulnerability of image classification systems to adversarial attacks, which is a critical security issue for AI applications, but it appears incremental as it builds upon existing Saak transform methods.
The authors tackled the problem of adversarial attacks on image classification by investigating the robustness of the Saak transform, resulting in a complete classification system that demonstrates improved robustness through extensive experimental evaluations on well-known datasets and attacks.
Image classification is vulnerable to adversarial attacks. This work investigates the robustness of Saak transform against adversarial attacks towards high performance image classification. We develop a complete image classification system based on multi-stage Saak transform. In the Saak transform domain, clean and adversarial images demonstrate different distributions at different spectral dimensions. Selection of the spectral dimensions at every stage can be viewed as an automatic denoising process. Motivated by this observation, we carefully design strategies of feature extraction, representation and classification that increase adversarial robustness. The performances with well-known datasets and attacks are demonstrated by extensive experimental evaluations.