Sparse Coding Frontend for Robust Neural Networks
This addresses the problem of adversarial robustness for neural network users, offering a novel approach that is incremental in its application to defense mechanisms.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by introducing a sparse coding frontend trained only on clean images, which significantly attenuates attacks before classification, demonstrating promise as a general-purpose defense on CIFAR-10 across various attack types.
Deep Neural Networks are known to be vulnerable to small, adversarially crafted, perturbations. The current most effective defense methods against these adversarial attacks are variants of adversarial training. In this paper, we introduce a radically different defense trained only on clean images: a sparse coding based frontend which significantly attenuates adversarial attacks before they reach the classifier. We evaluate our defense on CIFAR-10 dataset under a wide range of attack types (including Linf , L2, and L1 bounded attacks), demonstrating its promise as a general-purpose approach for defense.