CV | Dec 21, 2021

Improving Robustness with Image Filtering

arXiv:2112.11235v1
Originality: Incremental advance
AI Analysis

This paper addresses the problem of adversarial attacks in computer vision, offering a defense method that avoids costly adversarial training, though it appears incremental as it builds on existing filtering and graph-based approaches.

The paper tackles adversarial robustness in deep learning by introducing a new image filtering scheme called Image-Graph Extractor (IGE) and a defense method, Filtering As a Defense, which prevents attackers from exploiting pixel correlations to create malicious patterns, validated on CIFAR-10, CIFAR-100, and ImageNet.

Adversarial robustness is one of the most challenging problems in Deep Learning and Computer Vision research. All the state-of-the-art techniques require a time-consuming procedure that creates cleverly perturbed images. Due to its cost, many solutions have been proposed to avoid Adversarial Training. However, all these attempts proved ineffective as the attacker manages to exploit spurious correlations among pixels to trigger brittle features implicitly learned by the model. This paper first introduces a new image filtering scheme called Image-Graph Extractor (IGE) that extracts the fundamental nodes of an image and their connections through a graph structure. By leveraging the IGE representation, we build a new defense method, Filtering As a Defense, that does not allow the attacker to entangle pixels to create malicious patterns. Moreover, we show that data augmentation with filtered images effectively improves the model's robustness to data corruption. We validate our techniques on CIFAR-10, CIFAR-100, and ImageNet.
