Electronic Research Archive (Oct 2023)

EITGAN: A Transformation-based Network for recovering adversarial examples

  • Junjie Zhao ,
  • Junfeng Wu,
  • James Msughter Adeke,
  • Guangjie Liu ,
  • Yuewei Dai

DOI
https://doi.org/10.3934/era.2023335
Journal volume & issue
Vol. 31, no. 11
pp. 6634 – 6656

Abstract

Read online

Adversarial examples have been shown to easily mislead neural networks, and many strategies have been proposed to defend them. To address the problem that most transformation-based defense strategies will degrade the accuracy of clean images, we proposed an Enhanced Image Transformation Generative Adversarial Network (EITGAN). Positive perturbations were employed in the EITGAN to counteract adversarial effects while enhancing the classified performance of the samples. We also used the image super-resolution method to mitigate the effect of adversarial perturbations. The proposed method does not require modification or retraining of the classifier. Extensive experiments demonstrated that the enhanced samples generated by the EITGAN effectively defended against adversarial attacks without compromising human visual recognition, and their classification performance was superior to that of clean images.

Keywords