Corrupting Data to Remove Deceptive Perturbation: Using Preprocessing Method to Improve System Robustness
This work addresses the vulnerability of neural networks to adversarial noise, which is a critical security issue in AI systems, though it appears incremental as it builds on existing GAN-based techniques.
The paper tackles the problem of adversarial attacks on deep neural networks by introducing a preprocessing method that intentionally corrupts and then recovers images to remove deceptive perturbations, showing that this approach improves the robustness of naturally trained networks.
Although deep neural networks have achieved great performance on classification tasks, recent studies have shown that well-trained networks can be fooled by adding subtle noise. This paper introduces a new approach to improving neural network robustness by applying a recovery process on top of the naturally trained classifier. In this approach, images are intentionally corrupted by some significant operator and then recovered before being passed to the classifier. SARGAN, an extension of Generative Adversarial Networks (GAN), is capable of denoising radar signals. This paper shows that SARGAN can also recover corrupted images by removing the adversarial effects. Our results show that this approach does improve the performance of naturally trained networks.