Adversarial Defense by Suppressing High-frequency Components
This work addresses adversarial robustness in image classification, particularly for models biased towards textures, but it is incremental as it builds on existing adversarial training methods.
The paper tackled the vulnerability of deep neural networks to high-frequency adversarial perturbations by developing a differentiable high-frequency suppression module based on discrete Fourier transform, combined with adversarial training, achieving 5th place in the IJCAI-2019 Alibaba Adversarial AI Challenge.
Recent work shows that deep neural networks trained on image classification datasets are biased towards textures. Such models are easily fooled by small high-frequency perturbations applied to clean images. In this paper, we learn robust image classification models by removing high-frequency components. Specifically, we develop a differentiable high-frequency suppression module based on the discrete Fourier transform (DFT). Combining it with adversarial training, we won 5th place in the IJCAI-2019 Alibaba Adversarial AI Challenge. Our code is available online.
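The following is an added illustration of DFT-based high-frequency suppression, not the authors' released code. The square mask, the `radius` and `keep` parameters, and the 8x8 image are assumptions chosen for the demonstration.

```python
import cmath
import math

def dft1(x, inverse=False):
    """Naive 1-D DFT (O(n^2)); fine for the tiny constructed image below."""
    n, sign = len(x), (1 if inverse else -1)
    out = [sum(x[k] * cmath.exp(sign * 2j * cmath.pi * j * k / n)
               for k in range(n)) for j in range(n)]
    return [v / n for v in out] if inverse else out

def dft2(img, inverse=False):
    """Separable 2-D DFT: transform rows, then columns."""
    rows = [dft1(r, inverse) for r in img]
    cols = [dft1(list(c), inverse) for c in zip(*rows)]
    return [list(r) for r in zip(*cols)]

def suppress_high_freq(img, radius, keep=0.0):
    """Scale every DFT coefficient beyond `radius` by `keep`.
    DFT, fixed mask and inverse DFT are all linear in the pixels, so
    gradients pass through this step when it sits in front of a network."""
    n, m = len(img), len(img[0])
    spec = dft2(img)
    for u in range(n):
        for v in range(m):
            # Frequency index measured from DC, with wrap-around.
            if max(min(u, n - u), min(v, m - v)) > radius:
                spec[u][v] *= keep
    return [[z.real for z in row] for row in dft2(spec, inverse=True)]

def max_abs_diff(a, b):
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def demo(n=8, eps=0.03, radius=2):
    """Constructed data: a smooth 'clean' image plus a checkerboard
    perturbation of amplitude eps, which sits at the highest frequency."""
    w = 2 * math.pi / n
    clean = [[0.5 + 0.2 * math.cos(w * i) + 0.2 * math.cos(w * j)
              for j in range(n)] for i in range(n)]
    adv = [[clean[i][j] + eps * (-1) ** (i + j) for j in range(n)]
           for i in range(n)]
    filtered = suppress_high_freq(adv, radius)
    # Distance to the clean image before and after suppression.
    return max_abs_diff(adv, clean), max_abs_diff(filtered, clean)

if __name__ == "__main__":
    before, after = demo()
    print(f"perturbation before: {before:.4f}, after: {after:.2e}")
```

The checkerboard is the idealized case in which filtering removes the whole perturbation; the paper pairs the suppression module with adversarial training rather than relying on filtering alone.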