{ "id": "1812.06570", "version": "v1", "published": "2018-12-17T01:13:44.000Z", "updated": "2018-12-17T01:13:44.000Z", "title": "Defense-VAE: A Fast and Accurate Defense against Adversarial Attacks", "authors": [ "Xiang Li", "Shihao Ji" ], "categories": [ "cs.CV" ], "abstract": "Deep neural networks (DNNs) have been enormously successful across a variety of prediction tasks. However, recent research shows that DNNs are particularly vulnerable to adversarial attacks, which poses a serious threat to their applications in security-sensitive systems. In this paper, we propose a simple yet effective defense algorithm, Defense-VAE, that uses a variational autoencoder (VAE) to purge adversarial perturbations from contaminated images. The proposed method is generic and can defend against white-box and black-box attacks without the need to retrain the original CNN classifiers, and can further strengthen the defense by retraining the CNN or end-to-end finetuning the whole pipeline. In addition, the proposed method is very efficient compared to optimization-based alternatives such as Defense-GAN, since no iterative optimization is needed for online prediction. Extensive experiments on MNIST, Fashion-MNIST, CelebA and CIFAR-10 demonstrate the superior defense accuracy of Defense-VAE compared to Defense-GAN, while being 50x faster than the latter. This makes Defense-VAE widely deployable in real-time security-sensitive systems. We plan to open source our implementation to facilitate research in this area.", "revisions": [ { "version": "v1", "updated": "2018-12-17T01:13:44.000Z" } ], "analyses": { "keywords": [ "adversarial attacks", "accurate defense", "effective defense algorithm defense-vae", "deep neural networks", "purge adversarial perturbations" ], "note": { "typesetting": "TeX", "pages": 0, "language": "en", "license": "arXiv", "status": "editable" } } }