| Title | Encryption Inspired Adversarial Defense For Visual Classification |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Maung, Maung, Pyone, April, Kiya, Hitoshi |
| Conference Name | 2020 IEEE International Conference on Image Processing (ICIP) |
| Date Published | oct |
| Keywords | adversarial defense, Adversarial Machine Learning, composability, Computer vision, Encryption, machine learning, Metrics, perceptual image encryption, Perturbation methods, pubcrawl, resilience, Resiliency, Training, Transforms, white box cryptography |
| Abstract | Conventional adversarial defenses reduce classification accuracy whether or not a model is under attacks. Moreover, most of image processing based defenses are defeated due to the problem of obfuscated gradients. In this paper, we propose a new adversarial defense which is a defensive transform for both training and test images inspired by perceptual image encryption methods. The proposed method utilizes a block-wise pixel shuffling method with a secret key. The experiments are carried out on both adaptive and non-adaptive maximum-norm bounded white-box attacks while considering obfuscated gradients. The results show that the proposed defense achieves high accuracy (91.55%) on clean images and (89.66%) on adversarial examples with noise distance of 8/255 on CFAR-10 dataset. Thus, the proposed defense outperforms state-of-the-art adversarial defenses including latent adversarial training, adversarial training and thermometer encoding. |
| DOI | 10.1109/ICIP40778.2020.9190904 |
| Citation Key | maung_encryption_2020 |
Encryption Inspired Adversarial Defense For Visual Classification