Visual Intelligence (Oct 2024)

A divide-and-conquer reconstruction method for defending against adversarial example attacks

  • Xiyao Liu,
  • Jiaxin Hu,
  • Qingying Yang,
  • Ming Jiang,
  • Jianbiao He,
  • Hui Fang

DOI
https://doi.org/10.1007/s44267-024-00061-y
Journal volume & issue
Vol. 2, no. 1
pp. 1 – 17

Abstract

Read online

Abstract In recent years, defending against adversarial examples has gained significant importance, leading to a growing body of research in this area. Among these studies, pre-processing defense approaches have emerged as a prominent research direction. However, existing adversarial example pre-processing techniques often employ a single pre-processing model to counter different types of adversarial attacks. Such a strategy may miss the nuances between different types of attacks, limiting the comprehensiveness and effectiveness of the defense strategy. To address this issue, we propose a divide-and-conquer reconstruction pre-processing algorithm via multi-classification and multi-network training to more effectively defend against different types of mainstream adversarial attacks. The premise and challenge of the divide-and-conquer reconstruction defense is to distinguish between multiple types of adversarial attacks. Our method designs an adversarial attack classification module that exploits the high-frequency information differences between different types of adversarial examples for their multi-classification, which can hardly be achieved by existing adversarial example detection methods. In addition, we construct a divide-and-conquer reconstruction module that utilizes different trained image reconstruction models for each type of adversarial attack, ensuring optimal defense effectiveness. Extensive experiments show that our proposed divide-and-conquer defense algorithm exhibits superior performance compared to state-of-the-art pre-processing methods.

Keywords