Improving White-box Robustness of Pre-processing Defenses via Joint Adversarial Training

arXiv:2106.05453v2 Announce Type: replace
Abstract: Deep neural networks (DNNs) are vulnerable to adversarial noise. A range of adversarial defense techniques have been proposed to mitigate the interference of adversarial noise, among which the input pre-processing methods are scalable and show great potential to safeguard DNNs. However, pre-processing methods may suffer from the robustness degradation effect, in which the defense reduces rather than improving the adversarial robustness of a target model in a white-box setting. A potential cause of this negative …

abstract adversarial adversarial training arxiv box cs.cv defense however improving interference networks neural networks noise pre-processing processing robustness scalable show training type via vulnerable