Improving robustness with image filtering

Adversarial robustness is one of the most challenging problems in Deep Learning and Computer Vision research. State-of-the-art techniques to enforce robustness are based on Adversarial Training, a computationally costly optimization procedure. For this reason, many alternative solutions have been proposed, but none proved effective under stronger or adaptive attacks. This paper presents Image-Graph Extractor (IGE), a new image filtering scheme that extracts the fundamental nodes of an image and their connections through a graph structure. By utilizing the IGE representation, we have developed a new defense technique, Filtering as a Defense, which prevents attackers from creating malicious patterns that can deceive image classifiers. Moreover, we show that data augmentation with filtered images effectively improves the model's robustness to data corruptions. We validate our techniques on Convolutional Neural Networks on CIFAR-10, CIFAR-100, and ImageNet.