Robust and Efficient Interference Neural Networks for Defending Against Adversarial Attacks in ImageNet
This work addresses the critical issue of adversarial vulnerabilities in deep learning for image recognition, offering a more efficient solution for researchers and practitioners, though it appears incremental as it builds on existing adversarial training approaches.
The paper tackles the problem of defending against adversarial attacks on ImageNet by proposing an interference neural network that uses additional background images and labels with a pre-trained ResNet-152, achieving better defense effects under PGD attacks with much smaller computing resources compared to state-of-the-art methods.
The existence of adversarial images has seriously affected the task of image recognition and practical application of deep learning, it is also a key scientific problem that deep learning urgently needs to solve. By far the most effective approach is to train the neural network with a large number of adversarial examples. However, this adversarial training method requires a huge amount of computing resources when applied to ImageNet, and has not yet achieved satisfactory results for high-intensity adversarial attacks. In this paper, we construct an interference neural network by applying additional background images and corresponding labels, and use pre-trained ResNet-152 to efficiently complete the training. Compared with the state-of-the-art results under the PGD attack, it has a better defense effect with much smaller computing resources. This work provides new ideas for academic research and practical applications of effective defense against adversarial attacks.