LG · AI · CR · Apr 21, 2022

A Mask-Based Adversarial Defense Scheme

arXiv:2204.11837v14 citations · h-index: 11
Originality: Incremental advance
AI Analysis

This paper addresses the vulnerability of DNNs to adversarial perturbations and offers a defense method that needs no architectural changes, though it appears incremental because it builds on existing adversarial defense techniques.

The paper tackles the problem of adversarial attacks on Deep Neural Networks by proposing a Mask-based Adversarial Defense scheme that improves robustness by randomly masking portions of adversarial images, improving classification accuracy by as much as 20% to 90% in some scenarios.

Adversarial attacks hamper the functionality and accuracy of Deep Neural Networks (DNNs) by meddling with subtle perturbations to their inputs. In this work, we propose a new Mask-based Adversarial Defense scheme (MAD) for DNNs to mitigate the negative effect from adversarial attacks. To be precise, our method promotes the robustness of a DNN by randomly masking a portion of potential adversarial images, and as a result, the output of the DNN becomes more tolerant to minor input perturbations. Compared with existing adversarial defense techniques, our method does not need any additional denoising structure, nor any change to a DNN's design. We have tested this approach on a collection of DNN models for a variety of data sets, and the experimental results confirm that the proposed method can effectively improve the defense abilities of the DNNs against all of the tested adversarial attack methods. In certain scenarios, the DNN models trained with MAD have improved classification accuracy by as much as 20% to 90% compared to the original models that are given adversarial inputs.
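A sketch of the random masking step the abstract describes, added here as an illustration and not taken from the paper's code. The abstract only says that a portion of each image is randomly masked, so the grid-cell size, the masked ratio, the fill value and the "surviving perturbation" measurement are all assumptions of this example, and the 8x8 images are constructed.

```python
import random

def mask_grid(image, cell=2, ratio=0.5, fill=0.0, seed=None):
    """Overwrite a random `ratio` of cell x cell blocks with `fill`.
    Returns (masked copy, set of masked block origins)."""
    rng = random.Random(seed)
    h, w = len(image), len(image[0])
    blocks = [(r, c) for r in range(0, h, cell) for c in range(0, w, cell)]
    chosen = set(rng.sample(blocks, round(ratio * len(blocks))))
    out = [row[:] for row in image]          # never modify the caller's image
    for r0, c0 in chosen:
        for r in range(r0, min(r0 + cell, h)):
            for c in range(c0, min(c0 + cell, w)):
                out[r][c] = fill
    return out, chosen

def l1(a, b):
    """L1 distance between two images given as lists of rows."""
    return sum(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def surviving_fraction(clean, adv, seed, **kw):
    """Share of the L1 perturbation left when one mask hits both images."""
    m_clean, _ = mask_grid(clean, seed=seed, **kw)
    m_adv, _ = mask_grid(adv, seed=seed, **kw)
    total = l1(clean, adv)
    return l1(m_clean, m_adv) / total if total else 0.0

# Constructed 8x8 grayscale sample; values are exact in binary floating point.
EPS = 1 / 32                                  # assumed perturbation budget
CLEAN = [[(1 + (r + c) % 7) / 8 for c in range(8)] for r in range(8)]
ADV = [[CLEAN[r][c] + (EPS if (r * 3 + c) % 2 else -EPS) for c in range(8)]
       for r in range(8)]

if __name__ == "__main__":
    masked, chosen = mask_grid(ADV, seed=1)
    print(len(chosen), "of 16 blocks masked")
    print("surviving perturbation:", surviving_fraction(CLEAN, ADV, seed=1))
```

With a dense, uniform perturbation, the share that reaches the model equals the unmasked share of the image; whether accuracy recovers depends on the model having been trained on masked inputs, which this sketch does not cover.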
