Timezone: »

Towards Defending against Adversarial Examples via Attack-Invariant Features
Dawei Zhou · Tongliang Liu · Bo Han · Nannan Wang · Chunlei Peng · Xinbo Gao

Thu Jul 22 07:20 PM -- 07:25 PM (PDT) @ None

Deep neural networks (DNNs) are vulnerable to adversarial noise. Their adversarial robustness can be improved by exploiting adversarial examples. However, given the continuously evolving attacks, models trained on seen types of adversarial examples generally cannot generalize well to unseen types of adversarial examples. To solve this problem, in this paper, we propose to remove adversarial noise by learning generalizable invariant features across attacks which maintain semantic classification information. Specifically, we introduce an adversarial feature learning mechanism to disentangle invariant features from adversarial noise. A normalization term has been proposed in the encoded space of the attack-invariant features to address the bias issue between the seen and unseen types of attacks. Empirical evaluations demonstrate that our method could provide better protection in comparison to previous state-of-the-art approaches, especially against unseen types of attacks and adaptive attacks.

Author Information

Dawei Zhou (Xidian University)
Tongliang Liu (The University of Sydney)
Nannan Wang (Xidian University)
Chunlei Peng (Xidian University)
Xinbo Gao (Chongqing University of Posts and Telecommunications)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors