Denoised Internal Models: a Brain-Inspired Autoencoder against Adversarial Attacks
This addresses the robustness problem in deep learning for security-critical applications, representing a novel method rather than an incremental improvement.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing Denoised Internal Models (DIM), a brain-inspired autoencoder that effectively defends against 42 adversarial attacks and outperforms state-of-the-art methods in overall robustness.
Despite its great success, deep learning severely suffers from robustness; that is, deep neural networks are very vulnerable to adversarial attacks, even the simplest ones. Inspired by recent advances in brain science, we propose the Denoised Internal Models (DIM), a novel generative autoencoder-based model to tackle this challenge. Simulating the pipeline in the human brain for visual signal processing, DIM adopts a two-stage approach. In the first stage, DIM uses a denoiser to reduce the noise and the dimensions of inputs, reflecting the information pre-processing in the thalamus. Inspired from the sparse coding of memory-related traces in the primary visual cortex, the second stage produces a set of internal models, one for each category. We evaluate DIM over 42 adversarial attacks, showing that DIM effectively defenses against all the attacks and outperforms the SOTA on the overall robustness.