Frequency Centric Defense Mechanisms against Adversarial Examples
share
Adversarial example (AE) aims at fooling a Convolution Neural Network by introducing small perturbations in the input image.The proposed work uses the magnitude and phase of the Fourier Spectrum and the entropy of the image to defend against AE. We demonstrate the defense in two ways: by training an adversarial detector and denoising the adversarial effect. Experiments were conducted on the low-resolution CIFAR-10 and high-resolution ImageNet datasets. The adversarial detector has 99 CIFAR-10 dataset. However, the detection accuracy falls to 50 sophisticated DeepFool and Carlini Wagner attacks on ImageNet. We overcome the limitation by using autoencoder and show that 70 classified after denoising.
READ FULL TEXT