DLR: Adversarial examples detection and label recovery for deep neural networks

Deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples crafted by adversaries to deceive the target model. Two popular approaches to mitigate this issue are adversarial training and adversarial example detection. Adversarial training aims to enable the target model to accurately recognize adversarial examples in image classification tasks; however, it often lacks generalizability. Conversely, adversarial detection demonstrates good generalization but does not assist the target model in recognizing adversarial examples. In this paper, we first define the label recovery task to address the adversarial challenges faced by DNNs. We then propose a novel generative classifier specifically for the adversarial example label recovery task. This method is termed Detection and Label Recovery (DLR), which comprises two components: Detector and Recover. The Detector processes both legitimate and adversarial examples, while the Recover component seeks to ascertain the ground-truth label of the detected adversarial example. DLR effectively combines the strengths of adversarial training and adversarial example detection. Experimental results demonstrate that our method outperforms several state-of-the-art approaches.