Adversarial Defense by Stratified Convolutional Sparse Coding
Abstract
We propose an adversarial defense method that achieves state-of-the-art performance among attack-agnostic adversarial defense methods while also maintaining robustness to input resolution, scale of adversarial perturbation, and scale of dataset size. Based on convolutional sparse coding, we construct a stratified low-dimensional quasi-natural image space that faithfully approximates the natural image space while also removing adversarial perturbations. We introduce a novel Sparse Transformation Layer (STL) in between the input image and the first layer of the neural network to efficiently project images into our quasi-natural image space. Our experiments show state-of-the-art performance of our method compared to other attack-agnostic adversarial defense methods in various adversarial settings.
Cite
Text
Sun et al. "Adversarial Defense by Stratified Convolutional Sparse Coding." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019. doi:10.1109/CVPR.2019.01171Markdown
[Sun et al. "Adversarial Defense by Stratified Convolutional Sparse Coding." Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2019.](https://mlanthology.org/cvpr/2019/sun2019cvpr-adversarial/) doi:10.1109/CVPR.2019.01171BibTeX
@inproceedings{sun2019cvpr-adversarial,
title = {{Adversarial Defense by Stratified Convolutional Sparse Coding}},
author = {Sun, Bo and Tsai, Nian-Hsuan and Liu, Fangchen and Yu, Ronald and Su, Hao},
booktitle = {Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition},
year = {2019},
doi = {10.1109/CVPR.2019.01171},
url = {https://mlanthology.org/cvpr/2019/sun2019cvpr-adversarial/}
}