IEEE Open Journal of Signal Processing (Jan 2024)

Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-Trained Models

  • AprilPyone MaungMaung,
  • Isao Echizen,
  • Hitoshi Kiya

DOI
https://doi.org/10.1109/OJSP.2024.3419569
Journal volume & issue
Vol. 5
pp. 902 – 913

Abstract

Read online

In this paper, we propose key-based defense model proliferation by leveraging pre-trained models and utilizing recent efficient fine-tuning techniques on ImageNet-1 k classification. First, we stress that deploying key-based models on edge devices is feasible with the latest model deployment advancements, such as Apple CoreML, although the mainstream enterprise edge artificial intelligence (Edge AI) has been focused on the Cloud. Then, we point out that the previous key-based defense on on-device image classification is impractical for two reasons: (1) training many classifiers from scratch is not feasible, and (2) key-based defenses still need to be thoroughly tested on large datasets like ImageNet. To this end, we propose to leverage pre-trained models and utilize efficient fine-tuning techniques to proliferate key-based models even on limited compute resources. Experiments were carried out on the ImageNet-1 k dataset using adaptive and non-adaptive attacks. The results show that our proposed fine-tuned key-based models achieve a superior classification accuracy (more than 10% increase) compared to the previous key-based models on classifying clean and adversarial examples.

Keywords