{ "id": "2102.07304", "version": "v1", "published": "2021-02-15T02:23:33.000Z", "updated": "2021-02-15T02:23:33.000Z", "title": "CAP-GAN: Towards Adversarial Robustness with Cycle-consistent Attentional Purification", "authors": [ "Mingu Kang", "Trung Quang Tran", "Seungju Cho", "Daeyoung Kim" ], "categories": [ "cs.LG", "cs.CR", "cs.CV" ], "abstract": "Adversarial attacks aim to fool a target classifier with imperceptible perturbations. Adversarial examples, which are carefully crafted with a malicious purpose, can lead to erroneous predictions, resulting in catastrophic accidents. To mitigate the effects of adversarial attacks, we propose a novel purification model called CAP-GAN. CAP-GAN takes into account pixel-level and feature-level consistency to achieve reasonable purification under cycle-consistent learning. Specifically, we utilize a guided attention module and knowledge distillation to convey meaningful information to the purification model. Once the model is fully trained, inputs are projected into the purification model and transformed into clean-like images. We vary the capacity of the adversary to make the case for robustness against various types of attack strategies. On the CIFAR-10 dataset, CAP-GAN outperforms other pre-processing based defenses under both black-box and white-box settings.", "revisions": [ { "version": "v1", "updated": "2021-02-15T02:23:33.000Z" } ], "analyses": { "keywords": [ "adversarial attack", "novel purification model", "convey meaningful information", "adversarial examples", "knowledge distillation" ], "note": { "typesetting": "TeX", "pages": 0, "language": "en", "license": "arXiv", "status": "editable" } } }