CV · Jun 5, 2024

VQUNet: Vector Quantization U-Net for Defending Adversarial Attacks by Regularizing Unwanted Noise

arXiv:2406.03117v1 · 3 citations
Originality: Incremental advance
AI Analysis

This paper addresses the problem of unreliable DNN predictions under adversarial attacks in AI/ML applications, presenting an incremental improvement over existing noise-reduction defenses.

The paper tackles the vulnerability of deep neural networks to adversarial attacks by introducing VQUNet, a noise-reduction method that reduces adversarial noise and reconstructs data with high fidelity, showing better robustness and outperforming state-of-the-art methods on Fashion-MNIST and CIFAR10 datasets with less than 1% accuracy degradation when no attack is present.

Deep Neural Networks (DNN) have become a promising paradigm when developing Artificial Intelligence (AI) and Machine Learning (ML) applications. However, DNN applications are vulnerable to fake data that are crafted with adversarial attack algorithms. Under adversarial attacks, the prediction accuracy of DNN applications suffers, making them unreliable. In order to defend against adversarial attacks, we introduce a novel noise-reduction procedure, Vector Quantization U-Net (VQUNet), to reduce adversarial noise and reconstruct data with high fidelity. VQUNet features a discrete latent representation learning through a multi-scale hierarchical structure for both noise reduction and data reconstruction. The empirical experiments show that the proposed VQUNet provides better robustness to the target DNN models, and it outperforms other state-of-the-art noise-reduction-based defense methods under various adversarial attacks for both Fashion-MNIST and CIFAR10 datasets. When there is no adversarial attack, the defense method has less than 1% accuracy degradation for both datasets.
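The abstract's core mechanism is a discrete latent bottleneck: every continuous latent vector is snapped to the nearest entry of a learned codebook, so a perturbation too small to cross into a neighbouring code's region is discarded before the decoder reconstructs the input. The following is an added illustration of that idea, not the paper's VQUNet code: the learned encoder, U-Net decoder and multi-scale hierarchy are replaced by a hand-built 2-D codebook (constructed data), an identity decoder, and L2-measured perturbations, all of which are assumptions made here so the quantization step can be inspected without an ML framework.

```python
"""Toy vector-quantization bottleneck (added example, not the VQUNet code).

Assumptions made for illustration only:
  * a fixed 2-D codebook of four codes instead of a learned one,
  * an identity decoder (decoding a code returns the code itself),
  * adversarial noise modelled as an additive L2-bounded vector.
"""

from math import dist
from typing import List, Sequence, Tuple

Vector = Sequence[float]

# Constructed codebook: four discrete latent codes on the unit square.
CODEBOOK: List[Tuple[float, float]] = [
    (0.0, 0.0),
    (1.0, 0.0),
    (0.0, 1.0),
    (1.0, 1.0),
]


def quantize(z: Vector, codebook: Sequence[Vector] = CODEBOOK) -> int:
    """Index of the nearest codebook entry under Euclidean distance.

    This is the discrete bottleneck: any continuous latent collapses to one
    of len(codebook) symbols, so a perturbation that stays inside the same
    Voronoi cell leaves no trace in the reconstruction.
    """
    return min(range(len(codebook)), key=lambda k: dist(z, codebook[k]))


def reconstruct(z: Vector, codebook: Sequence[Vector] = CODEBOOK) -> Tuple[float, ...]:
    """Decode a latent via its nearest code (identity decoder in this toy)."""
    return tuple(codebook[quantize(z, codebook)])


def perturb(z: Vector, delta: Vector) -> Tuple[float, ...]:
    """Apply an additive perturbation standing in for adversarial noise."""
    return tuple(a + b for a, b in zip(z, delta))


def noise_removed(z: Vector, delta: Vector, codebook: Sequence[Vector] = CODEBOOK) -> bool:
    """True when the perturbed latent quantizes to the same code as the clean one,
    i.e. the bottleneck regularized the perturbation away entirely."""
    return quantize(z, codebook) == quantize(perturb(z, delta), codebook)


def flip_margin(z: Vector, codebook: Sequence[Vector] = CODEBOOK) -> float:
    """Smallest L2 perturbation norm that can change the assigned code.

    For the nearest code c1 and any other code c2, the distance from z to the
    bisecting hyperplane between them is (|z-c2|^2 - |z-c1|^2) / (2|c2-c1|).
    The minimum over c2 is a guarantee: any perturbation shorter than this
    is removed by quantize(), regardless of its direction.
    """
    k1 = quantize(z, codebook)
    c1 = codebook[k1]
    d1_sq = sum((a - b) ** 2 for a, b in zip(z, c1))
    margins = []
    for k2, c2 in enumerate(codebook):
        if k2 == k1:
            continue
        d2_sq = sum((a - b) ** 2 for a, b in zip(z, c2))
        margins.append((d2_sq - d1_sq) / (2.0 * dist(c1, c2)))
    return min(margins)


def removal_rate(z: Vector, deltas: Sequence[Vector], codebook: Sequence[Vector] = CODEBOOK) -> float:
    """Fraction of a set of perturbations that the bottleneck removes for latent z."""
    if not deltas:
        return 1.0
    removed = sum(noise_removed(z, d, codebook) for d in deltas)
    return removed / len(deltas)


if __name__ == "__main__":
    clean = (0.1, 0.2)  # constructed clean latent
    print("code:", quantize(clean), "reconstruction:", reconstruct(clean))
    print("certified margin:", flip_margin(clean))
    print("small noise removed:", noise_removed(clean, (0.05, -0.05)))
    print("large noise removed:", noise_removed(clean, (0.0, 0.35)))
```

The margin returned by flip_margin is the defender's sanity check on this mechanism: perturbations shorter than it are provably absorbed by the bottleneck, while the second call above shows the failure mode the paper's evaluation has to measure, a perturbation just past the cell boundary that lands on a different code and so survives reconstruction.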
