LG | CR | CV | ML | Jun 26, 2019

Defending Adversarial Attacks by Correcting logits

arXiv:1906.10973v1 | 3 citations
Originality: Incremental advance
AI Analysis

This work addresses adversarial robustness for deep learning models, offering a transferable and interpretable defense, though it is incremental as it builds on existing logit-based approaches.

The paper tackles the problem of defending against adversarial attacks in deep learning by proposing a method that uses logits to detect and recover original predictions, achieving promising defense accuracy across various attacks.

Generating and eliminating adversarial examples has been an intriguing topic in the field of deep learning. While previous research verified that adversarial attacks are often fragile and can be defended via image-level processing, it remains unclear how high-level features are perturbed by such attacks. We investigate this issue from a new perspective, which purely relies on logits, the class scores before softmax, to detect and defend adversarial attacks. Our defender is a two-layer network trained on a mixed set of clean and perturbed logits, with the goal being recovering the original prediction. Upon a wide range of adversarial attacks, our simple approach shows promising results with relatively high accuracy in defense, and the defender can transfer across attackers with similar properties. More importantly, our defender can work in the scenarios that image data are unavailable, and enjoys high interpretability especially at the semantic level.
