Test-Time Defense Against Adversarial Attacks via Stochastic Resonance of Latent Ensembles
The paper addresses the vulnerability of models to adversarial attacks across several tasks and offers a practical, training-free defense; the contribution is incremental in that it builds on existing defense concepts.
The paper tackles the problem of defending against adversarial attacks on machine learning models by proposing a test-time defense mechanism that uses stochastic resonance to enhance robustness without information loss, recovering up to 68.1% of accuracy loss in image classification, 71.9% in stereo matching, and 29.2% in optical flow.
We propose a test-time defense mechanism against adversarial attacks: imperceptible image perturbations that significantly alter the predictions of a model. Unlike existing methods that rely on feature filtering or smoothing, which can lead to information loss, we propose to "combat noise with noise" by leveraging stochastic resonance to enhance robustness while minimizing information loss. Our approach introduces small translational perturbations to the input image, aligns the transformed feature embeddings, and aggregates them before mapping back to the original reference image. This can be expressed in a closed-form formula, which can be deployed on diverse existing network architectures without introducing additional network modules or fine-tuning for specific attack types. The resulting method is entirely training-free, architecture-agnostic, and attack-agnostic. Empirical results show state-of-the-art robustness on image classification and, for the first time, establish a generic test-time defense for dense prediction tasks, including stereo matching and optical flow, highlighting the method's versatility and practicality. Specifically, relative to clean (unperturbed) performance, our method recovers up to 68.1% of the accuracy loss on image classification, 71.9% on stereo matching, and 29.2% on optical flow under various types of adversarial attacks.
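The mechanism the abstract describes (translate the input by small offsets, extract features, align the feature maps back to the reference frame, aggregate) can be seen in miniature with a toy model. The following is an added illustration written for this page; it is not the paper's code, and the stride-2 "network", the circular wrap-around, the `latent_ensemble` / `strided_features` / `feature_deviation` names and the constructed checkerboard-style perturbation are all assumptions of the example rather than anything the paper specifies. Real CNNs with strided layers are not translation-equivariant, so a perturbation aligned with the sampling grid can move every feature cell at once; averaging over a small ensemble of translations, each aligned back to the reference, spreads that effect over the ensemble while leaving a smooth (here constant) input's features unchanged.

```python
# Toy reconstruction of a "latent ensemble over translations" test-time defense.
# Constructed for illustration only; it is NOT the paper's architecture or code.
from typing import List, Sequence

Image = List[List[float]]


def roll2d(img: Image, dy: int, dx: int) -> Image:
    """Circularly translate a 2-D array so that out[i][j] == img[i-dy][j-dx].
    Wrap-around at the border is an assumption made to avoid padding logic."""
    h, w = len(img), len(img[0])
    return [[img[(i - dy) % h][(j - dx) % w] for j in range(w)] for i in range(h)]


def strided_features(img: Image, stride: int = 2) -> Image:
    """Toy 'network': plain stride-s subsampling. Like strided conv/pooling in a
    real CNN it is not translation-equivariant, so a grid-aligned perturbation
    is aliased straight onto the feature map."""
    assert len(img) % stride == 0 and len(img[0]) % stride == 0
    return [row[::stride] for row in img[::stride]]


def latent_ensemble(img: Image, stride: int = 2,
                    offsets: Sequence[int] = range(-2, 3)) -> Image:
    """Translate the input by every (dy, dx) in offsets x offsets, extract
    features, align each feature map back to the reference frame, and average.
    An input shift of d pixels is a shift of d/stride feature cells; the
    sub-cell remainder is dropped (assumed alignment rule for this toy)."""
    h, w = len(img) // stride, len(img[0]) // stride
    acc = [[0.0] * w for _ in range(h)]
    n = 0
    for dy in offsets:
        for dx in offsets:
            feat = strided_features(roll2d(img, dy, dx), stride)
            aligned = roll2d(feat, -int(dy / stride), -int(dx / stride))
            for i, row in enumerate(aligned):
                for j, v in enumerate(row):
                    acc[i][j] += v
            n += 1
    return [[v / n for v in row] for row in acc]


def feature_deviation(a: Image, b: Image) -> float:
    """Max absolute difference between two feature maps of equal shape."""
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))


def grid_aligned_perturbation(img: Image, eps: float, stride: int = 2) -> Image:
    """Constructed sample perturbation: add eps only where both coordinates are
    multiples of stride, i.e. exactly on the subsampling grid."""
    return [[v + (eps if i % stride == 0 and j % stride == 0 else 0.0)
             for j, v in enumerate(row)] for i, row in enumerate(img)]


def demo(size: int = 8, eps: float = 0.1):
    """Compare undefended vs ensemble feature deviation on a constructed image."""
    clean = [[0.5] * size for _ in range(size)]          # constructed input
    adv = grid_aligned_perturbation(clean, eps)
    undefended = feature_deviation(strided_features(clean), strided_features(adv))
    defended = feature_deviation(latent_ensemble(clean), latent_ensemble(adv))
    preserved = latent_ensemble(clean) == strided_features(clean)
    return undefended, defended, preserved


if __name__ == "__main__":
    u, d, p = demo()
    print(f"undefended feature deviation: {u:.3f}")
    print(f"latent-ensemble deviation:    {d:.3f}")
    print(f"clean features preserved:     {p}")
```

With 25 translations, only the 9 offsets that are even in both axes land on the perturbed grid, so the feature deviation drops from `eps` to `0.36 * eps`, while the constant clean image's features come back unchanged; the design choice that matters is alignment before averaging, which is what lets the ensemble smooth the perturbation without blurring the reference frame.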