Image Super-Resolution as a Defense Against Adversarial Attacks

Mustafa, Aamir; Khan, Salman; Hayat, Munawar; Shen, Jianbing; Shao, Ling

doi:10.1109/tip.2019.2940533

Cited by 139 publications

(71 citation statements)

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mustafa et al [181] hypothesized that a generated-well image super-resolution model is enough to project the off-themanifold adversarial samples into the natural image manifold. Therefore, Mustafa et al [181] proposed a defense mechanism, deep image restoration networks, to defend against a wide range of recently proposed adversarial attacks. First, the adversarial perturbation is suppressed by wavelet domain filtering [182].…”

Section: E: Image Super-resolutionmentioning

confidence: 99%

Privacy and Security Issues in Deep Learning: A Survey

et al. 2021

View full text Add to dashboard Cite

Section: E: Image Super-resolutionmentioning

confidence: 99%

Privacy and Security Issues in Deep Learning: A Survey

et al. 2021

View full text Add to dashboard Cite

“…They introduced a feature denoising method for defending PGD white-box attacks. Reference [32] proposed an efficient approach that bring adversarial samples onto the natural image manifold, restoring classification towards correct classes. Reference [33] maximally separated the polytopes of classes by force to learn distinct and distant decision regions for each classes.…”

Section: B Defense Methodsmentioning

confidence: 99%

Adversarial Dual Network Learning With Randomized Image Transform for Restoring Attacked Images

Yuan

2020

IEEE Access

View full text Add to dashboard Cite

We develop a new method for defending deep neural networks against attacks using adversarial dual network learning with randomized nonlinear image transform. We introduce a randomized nonlinear transform to disturb and partially destroy the sophisticated pattern of attack noise. We then design a generative cleaning network to recover the original image content damaged by this nonlinear transform and remove residual attack noise. We also construct a detector network which serves as the dual network for the target classifier to be defended, being able to detect patterns of attack noise. The generative cleaning network and detector network are jointly trained using adversarial learning, fighting against each other to minimize both perceptual loss and adversarial loss. Our extensive experimental results demonstrate that our approach improves the state-of-art by large margins in both white-box and black-box attacks. It significantly improves the classification accuracy for white-box attacks upon the second best method by more than 30% on the SVHN dataset and more than 14% on the challenging CIFAR-10 dataset. INDEX TERMS Adversarial attack, adversarial defense, deep neural network.

show abstract

“…Recently, combining the super-resolution tasks with adversarial attacks has emerged. Mustafa et al [16] presents a method employing super-resolution to defense deep image classifiers against adversarial attacks. Yin et al [22] employ the adversarial attack on super-resolution to fool the subsequent computer vision tasks.…”

Section: Related Workmentioning

confidence: 99%

Evaluating Robustness of Deep Image Super-Resolution Against Adversarial Attacks

Choi

Zhang

Kim

et al. 2019

2019 IEEE/CVF International Conference on Computer Vision (ICCV)

View full text Add to dashboard Cite

Single-image super-resolution aims to generate a highresolution version of a low-resolution image, which serves as an essential component in many computer vision applications. This paper investigates the robustness of deep learning-based super-resolution methods against adversarial attacks, which can significantly deteriorate the superresolved images without noticeable distortion in the attacked low-resolution images. It is demonstrated that stateof-the-art deep super-resolution methods are highly vulnerable to adversarial attacks. Different levels of robustness of different methods are analyzed theoretically and experimentally. We also present analysis on transferability of attacks, and feasibility of targeted attacks and universal attacks.

show abstract

Image Super-Resolution as a Defense Against Adversarial Attacks

Cited by 139 publications

References 63 publications

Privacy and Security Issues in Deep Learning: A Survey

Privacy and Security Issues in Deep Learning: A Survey

Adversarial Dual Network Learning With Randomized Image Transform for Restoring Attacked Images

Evaluating Robustness of Deep Image Super-Resolution Against Adversarial Attacks

Contact Info

Product

Resources

About