Adversarial robustness is one of the most challenging problems in Deep Learning and Computer Vision research. State-of-the-art techniques to enforce robustness are based on Adversarial Training, a computationally costly optimization procedure. For this reason, many alternative solutions have been proposed, but none proved effective under stronger or adaptive attacks. This paper presents Image-Graph Extractor (IGE), a new image filtering scheme that extracts the fundamental nodes of an image and their connections through a graph structure. By utilizing the IGE representation, we have developed a new defense technique, Filtering as a Defense, which prevents attackers from creating malicious patterns that can deceive image classifiers. Moreover, we show that data augmentation with filtered images effectively improves the model's robustness to data corruptions. We validate our techniques on Convolutional Neural Networks on CIFAR-10, CIFAR-100, and ImageNet.

Improving robustness with image filtering

Terzi M.;Carletti M.;Susto G. A.
2024

Abstract

Adversarial robustness is one of the most challenging problems in Deep Learning and Computer Vision research. State-of-the-art techniques to enforce robustness are based on Adversarial Training, a computationally costly optimization procedure. For this reason, many alternative solutions have been proposed, but none proved effective under stronger or adaptive attacks. This paper presents Image-Graph Extractor (IGE), a new image filtering scheme that extracts the fundamental nodes of an image and their connections through a graph structure. By utilizing the IGE representation, we have developed a new defense technique, Filtering as a Defense, which prevents attackers from creating malicious patterns that can deceive image classifiers. Moreover, we show that data augmentation with filtered images effectively improves the model's robustness to data corruptions. We validate our techniques on Convolutional Neural Networks on CIFAR-10, CIFAR-100, and ImageNet.
2024
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3531190
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
  • OpenAlex ND
social impact