Efficient Image Compression Model to Defend Adversarial Examples

ComDefend presents an innovative approach in the field of computer vision with its efficient image compression model aimed at defending against adversarial examples. By employing an end-to-end image compression model, ComDefend extracts and downscales features to enhance the robustness of neural networks. The model utilizes Loss Functions for Training, Experiments with CIFAR-10 Classifier, and provides insights into the structure of ComCNN and RecCNN. Through its proposed method, ComDefend offers a promising solution to safeguard neural networks against adversarial attacks.

• Image compression
• Adversarial examples
• Neural networks
• Computer vision
• Efficient defense

roja_iz Follow

Uploaded on Oct 10, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. ComDefend: An Efficient Image Compression Model to Defend Adversarial Examples CVPR 2019 Poster

2. Existing Defense Method Enhance the robustness of neural networks itself. (Adversarial training, Label smoothing (COT), .) Need to retrain the neural networks. Pre-processing methods. (Remove noises in adversarial examples) Require a lot of adversarial images when training the denoiser.

3. Proposed Method An end-to-end image compression model

4. Structure of ComCNN Extract the features of the original image + Generate 256 feature maps

5. Structure of ComCNN Downscale the features of the input image

6. ComDefend Model

7. Structure of RecCNN

8. Loss Functions for Training For ComCNN: to use more 0 to encode the image information ?1?1 = ? ???(?1,?)2 For RecCNN: to reconstruct the original image with high quality 1 2 ?2?2 = 2? ??? ?2,??? ?1,? ? Unified Loss:? ?1,?2 = ?1?1 + ?2?2

9. Experiments Data Set: CIFAR-10 Classifier: ResNet-50

10. Experiments Defense in test time test images to be classified ComDefend Reconstructed images train clean images Classifier Labels

11. Experiments Defense in training and test time test images to be classified train images to be trained ComDefend Reconstructed images ComDefend Reconstructed images train Classifier Labels

12. Experiments Data Set: CIFAR-10 Classifier: ResNet-50

13. Experiments Data Set: CIFAR-10 Classifier: ResNet-50

14. Experiments Another 5 tables like this on different data and models are not shown on slides

15. Contributions Propose an end-to-end image compression model to defend adversarial examples Design a unified learning algorithm to simultaneously learn the weights of two CNN modules within ComDefend Find that adding gaussian noise can improve the defending performance Defeat the state-of-the-art defense models including the winner of NIPS 2017 adversarial challenge

16. Comments + Adequate experiments + Good writing and Nice name (compress and reconstruction) - No explanation about why adding Gaussian noises - Some redundant content and lack of some important explanations