HYBRID DEFENSE FOR DEEP NEURAL NETWORKS: AN INTEGRATION OF DETECTING AND CLEANING ADVERSARIAL PERTURBATIONS

Nowadays, deep neural networks (DNN) have achieved significant success in computer vision. However, recent investigations have shown that DNN models are highly vulnerable to an input adversarial example. How to defense against adversarial examples is an essential issue to improve the robustness of DNN models. In this paper, we present a hybrid defense framework that integrates detecting and cleaning adversarial perturbations to protect DNN. Specifically, the detecting part consists of statistical detector and Gaussian noise injection detector which are adaptive to perturbation characteristics to inspect adversarial examples, and the cleaning part is a deep residual generative network (ResGN) for removing or mitigating the adversarial perturbations. The parameters of ResGN are optimized by minimizing a joint loss including a pixel loss, a texture loss and a task loss. In the experiments, we evaluate our approach on ImageNet and the comprehensive results validate its robustness against current representative attacks.