Timezone: »

 
Oral
ME-Net: Towards Effective Adversarial Robustness with Matrix Estimation
Yuzhe Yang · GUO ZHANG · Zhi Xu · Dina Katabi

Wed Jun 12 11:25 AM -- 11:30 AM (PDT) @ Grand Ballroom
in Adversarial Examples »

Deep neural networks are vulnerable to adversarial attacks. The literature is rich with algorithms that can easily craft successful adversarial examples. In contrast, the performance of defense techniques still lags behind. This paper proposes ME-Net, a defense method that leverages matrix estimation (ME). In ME-Net, images are preprocessed using two steps: first pixels are randomly dropped from the image; then, the image is reconstructed using ME. We show that this process destroys the adversarial structure of the noise, while re-enforcing the global structure in the original image. Since humans typically rely on such global structures in classifying images, the process makes the network mode compatible with human perception. We conduct comprehensive experiments on prevailing benchmarks such as MNIST, CIFAR-10, SVHN, and Tiny-ImageNet. Comparing ME-Net with state-of-the-art defense mechanisms shows that ME-Net consistently outperforms prior techniques, improving robustness against both black-box and white-box attacks.

[ Slides [ Video

Author Information

Yuzhe Yang (MIT)
GUO ZHANG (MIT)
Zhi Xu (MIT)
Dina Katabi (MIT)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors