“…To ensure a stable and high performance of detecting AEs, Sun et al 35 proposed an AE detection method named image reconstruction differences (IRD) to enhance the robustness of DNNs. In the method, an end-to-end Com-Rec network is used to reconstruct adversarial examples with feature compression to expand the distinguishing features, the image reconstruction differences based on information-theoretic visual information fidelity (VIF), structural information universal quality index (UQI), and spectral information relative average spectral error (RASE) composition are introduced to discriminate adversarial examples.…”
Section: Image Reconstructionmentioning
confidence: 99%
“…Some reforming mechanisms and denoising processes are effective transformation methods for defending against adversarial perturbations. [34][35][36][37][38][39][40] Stochastic defense methods try to replace deterministic models with stochastic structures by adding randomized sets or smoothing the distribution of predictions to increase the difficulty for invaders to produce effective adversarial perturbations. [41][42][43] Adversarial training methods attempt to correctly recognize the real class of adversarial examples by updating the objective functions of models and training with mixed clean images and adversarial examples.…”
“…To ensure a stable and high performance of detecting AEs, Sun et al 35 proposed an AE detection method named image reconstruction differences (IRD) to enhance the robustness of DNNs. In the method, an end-to-end Com-Rec network is used to reconstruct adversarial examples with feature compression to expand the distinguishing features, the image reconstruction differences based on information-theoretic visual information fidelity (VIF), structural information universal quality index (UQI), and spectral information relative average spectral error (RASE) composition are introduced to discriminate adversarial examples.…”
Section: Image Reconstructionmentioning
confidence: 99%
“…Some reforming mechanisms and denoising processes are effective transformation methods for defending against adversarial perturbations. [34][35][36][37][38][39][40] Stochastic defense methods try to replace deterministic models with stochastic structures by adding randomized sets or smoothing the distribution of predictions to increase the difficulty for invaders to produce effective adversarial perturbations. [41][42][43] Adversarial training methods attempt to correctly recognize the real class of adversarial examples by updating the objective functions of models and training with mixed clean images and adversarial examples.…”
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.