LG, AI, CV | Jul 14, 2021

AID-Purifier: A Light Auxiliary Network for Boosting Adversarial Defense

arXiv:2107.06456v1 | 20 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses adversarial defense for machine learning security, but it is incremental as it builds on existing purification methods like PixelDefend.

The paper tackles the problem of improving adversarial robustness in neural networks by proposing AID-purifier, an auxiliary network that purifies inputs to boost adversarially-trained classifiers, achieving competitive performance as a lightweight add-on.

We propose an AID-purifier that can boost the robustness of adversarially-trained networks by purifying their inputs. AID-purifier is an auxiliary network that works as an add-on to an already trained main classifier. To keep it computationally light, it is trained as a discriminator with a binary cross-entropy loss. To obtain additionally useful information from the adversarial examples, the architecture design is closely related to information maximization principles where two layers of the main classification network are piped to the auxiliary network. To assist the iterative optimization procedure of purification, the auxiliary network is trained with AVmixup. AID-purifier can be used together with other purifiers such as PixelDefend for an extra enhancement. The overall results indicate that the best performing adversarially-trained networks can be enhanced by the best performing purification networks, where AID-purifier is a competitive candidate that is light and robust.
