LGML, Dec 11, 2019

Detecting and Correcting Adversarial Images Using Image Processing Operations

arXiv:1912.05391v2
2 citations
Originality: Incremental advance
AI Analysis

This addresses the security problem of adversarial attacks on DNN-based systems, but it is incremental because it builds on existing image processing techniques rather than introducing a new defence mechanism.

The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing an image-processing-based method that detects adversarial images and restores their original labels, demonstrating efficiency in both detection and correction on a custom adversarial dataset derived from ImageNet.

Deep neural networks (DNNs) have achieved excellent performance on several tasks and have been widely applied in both academia and industry. However, DNNs are vulnerable to adversarial machine learning attacks, in which noise is added to the input to change the network output. We have devised an image-processing-based method to detect adversarial images based on our observation that adversarial noise is reduced after applying these operations while the normal images almost remain unaffected. In addition to detection, this method can be used to restore the adversarial images' original labels, which is crucial to restoring the normal functionalities of DNN-based systems. Testing using an adversarial machine learning database we created for generating several types of attack using images from the ImageNet Large Scale Visual Recognition Challenge database demonstrated the efficiency of our proposed method for both detection and correction.
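The abstract describes a label-consistency check: classify the input, apply a benign image-processing operation, classify again, and treat a changed label as evidence of adversarial noise, with the post-processing label serving as the corrected one. The following is an added illustration of that pipeline and is not the paper's code or dataset. It assumes a hand-written stand-in for the DNN (`toy_classifier`, scoring a mean-intensity feature against a high-frequency feature), a 3x3 box blur as the processing operation, and a constructed 8x8 grayscale image plus a constructed checkerboard perturbation that flips the toy model's label; all of these are assumptions made for the example.

```python
"""Toy version of detect-then-correct by label consistency (added example,
not the paper's implementation). Pure Python so it runs anywhere."""

SIZE = 8  # constructed image size


def clamp(v, lo, hi):
    return max(lo, min(hi, v))


def box_blur(image, radius=1):
    """3x3 mean filter with replicated borders: one benign image-processing
    operation of the kind the abstract relies on."""
    h, w = len(image), len(image[0])
    out = []
    for i in range(h):
        row = []
        for j in range(w):
            total = 0.0
            for di in range(-radius, radius + 1):
                for dj in range(-radius, radius + 1):
                    total += image[clamp(i + di, 0, h - 1)][clamp(j + dj, 0, w - 1)]
            row.append(total / (2 * radius + 1) ** 2)
        out.append(row)
    return out


def high_frequency_energy(image):
    """Mean absolute deviation of each pixel from its 4-neighbour mean
    (clamped at the borders); near zero for smooth images."""
    h, w = len(image), len(image[0])
    total = 0.0
    for i in range(h):
        for j in range(w):
            neighbours = (image[clamp(i - 1, 0, h - 1)][j] + image[clamp(i + 1, 0, h - 1)][j]
                          + image[i][clamp(j - 1, 0, w - 1)] + image[i][clamp(j + 1, 0, w - 1)])
            total += abs(image[i][j] - neighbours / 4)
    return total / (h * w)


def mean_intensity(image):
    return sum(sum(r) for r in image) / (len(image) * len(image[0]))


def toy_classifier(image):
    """Assumed stand-in for a DNN: two 'logits' from hand-picked features.
    Like a real network it reacts strongly to small high-frequency content."""
    scores = {"smooth": mean_intensity(image),
              "textured": 5.0 * high_frequency_energy(image)}
    return max(scores, key=scores.get)


def detect_and_correct(image, classify=toy_classifier, preprocess=box_blur):
    """Label before and after the benign operation. A changed label flags the
    input as adversarial; the post-processing label is the corrected one."""
    before = classify(image)
    after = classify(preprocess(image))
    return before != after, after


def mean_abs_diff(a, b):
    n = len(a) * len(a[0])
    return sum(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb)) / n


def perturbation_before_after(clean, adv, preprocess=box_blur):
    """The abstract's observation: perturbation energy before vs. after the
    operation (the residual should be much smaller afterwards)."""
    return mean_abs_diff(adv, clean), mean_abs_diff(preprocess(adv), preprocess(clean))


# Constructed inputs: a smooth horizontal gradient, and the same image with a
# small +/-0.1 checkerboard perturbation that flips the toy label.
CLEAN = [[0.3 + 0.05 * j for j in range(SIZE)] for _ in range(SIZE)]
EPS = 0.1
ADVERSARIAL = [[clamp(CLEAN[i][j] + (EPS if (i + j) % 2 == 0 else -EPS), 0.0, 1.0)
                for j in range(SIZE)] for i in range(SIZE)]

if __name__ == "__main__":
    print("clean  :", toy_classifier(CLEAN), detect_and_correct(CLEAN))
    print("adv    :", toy_classifier(ADVERSARIAL), detect_and_correct(ADVERSARIAL))
    print("noise before/after blur:", perturbation_before_after(CLEAN, ADVERSARIAL))
```

The clean image keeps its label through the blur (its change is limited to the border columns), while the perturbed image is labelled "textured" before and "smooth" after, so it is flagged and its original label restored. Note that the check is only as strong as the gap between how much the operation suppresses the perturbation and how much it disturbs clean inputs; a perturbation crafted to survive the chosen operation, or an operation strong enough to change clean labels, shifts the false-negative and false-positive rates respectively.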
