Detecting adversarial examples using image reconstruction differences

“…To ensure a stable and high performance of detecting AEs, Sun et al 35 proposed an AE detection method named image reconstruction differences (IRD) to enhance the robustness of DNNs. In the method, an end-to-end Com-Rec network is used to reconstruct adversarial examples with feature compression to expand the distinguishing features, the image reconstruction differences based on information-theoretic visual information fidelity (VIF), structural information universal quality index (UQI), and spectral information relative average spectral error (RASE) composition are introduced to discriminate adversarial examples.…”

“…Some reforming mechanisms and denoising processes are effective transformation methods for defending against adversarial perturbations. [34][35][36][37][38][39][40] Stochastic defense methods try to replace deterministic models with stochastic structures by adding randomized sets or smoothing the distribution of predictions to increase the difficulty for invaders to produce effective adversarial perturbations. [41][42][43] Adversarial training methods attempt to correctly recognize the real class of adversarial examples by updating the objective functions of models and training with mixed clean images and adversarial examples.…”

Reconstructing images with attention generative adversarial network against adversarial attacks

“…To ensure a stable and high performance of detecting AEs, Sun et al 35 proposed an AE detection method named image reconstruction differences (IRD) to enhance the robustness of DNNs. In the method, an end-to-end Com-Rec network is used to reconstruct adversarial examples with feature compression to expand the distinguishing features, the image reconstruction differences based on information-theoretic visual information fidelity (VIF), structural information universal quality index (UQI), and spectral information relative average spectral error (RASE) composition are introduced to discriminate adversarial examples.…”

“…Some reforming mechanisms and denoising processes are effective transformation methods for defending against adversarial perturbations. [34][35][36][37][38][39][40] Stochastic defense methods try to replace deterministic models with stochastic structures by adding randomized sets or smoothing the distribution of predictions to increase the difficulty for invaders to produce effective adversarial perturbations. [41][42][43] Adversarial training methods attempt to correctly recognize the real class of adversarial examples by updating the objective functions of models and training with mixed clean images and adversarial examples.…”

Reconstructing images with attention generative adversarial network against adversarial attacks

Model-agnostic adversarial example detection via high-frequency amplification