Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-trained Model
This work addresses the challenge of implementing robust adversarial defenses on resource-constrained edge devices, though it is incremental as it builds on existing key-based defense concepts with improved efficiency.
The paper tackled the impracticality of deploying key-based adversarial defenses on edge devices by leveraging pre-trained models and efficient fine-tuning on ImageNet-1k, resulting in a more than 10% increase in classification accuracy for both clean and adversarial examples compared to previous methods.
In this paper, we propose key-based defense model proliferation by leveraging pre-trained models and utilizing recent efficient fine-tuning techniques on ImageNet-1k classification. First, we stress that deploying key-based models on edge devices is feasible with the latest model deployment advancements, such as Apple CoreML, although the mainstream enterprise edge artificial intelligence (Edge AI) has been focused on the Cloud. Then, we point out that the previous key-based defense on on-device image classification is impractical for two reasons: (1) training many classifiers from scratch is not feasible, and (2) key-based defenses still need to be thoroughly tested on large datasets like ImageNet. To this end, we propose to leverage pre-trained models and utilize efficient fine-tuning techniques to proliferate key-based models even on limited computing resources. Experiments were carried out on the ImageNet-1k dataset using adaptive and non-adaptive attacks. The results show that our proposed fine-tuned key-based models achieve a superior classification accuracy (more than 10% increase) compared to the previous key-based models on classifying clean and adversarial examples.