Noisy-Defense Variational Auto-Encoder (ND-VAE): an Adversarial Defense Framework to Eliminate Adversarial Attacks
Published In
2023 Fifth International Conference on Transdisciplinary AI (TransAI)
Document Type
Citation
Publication Date
2023
Abstract
This paper presents a robust adversarial defense mechanism, Noisy-Defense Variational Auto-Encoder (ND-VAE), that combines the strengths of Nouveau VAE (NVAE) and Defense-VAE to effectively eliminate adversarial attacks from contaminated images. The ND-VAE, trained using noisy images, not only removes adversarial perturbations but also preserves the image details, thereby lowering adversarial training costs. By utilizing advanced NVAE architectures and incorporating a noise filter, the defense system efficiently mitigates both previously seen and unseen adversarial attacks. Our evaluations on both MNIST and Fashion-MNIST datasets confirm the high efficiency of ND-VAE, including better zero-shot performance, demonstrating a balanced approach to model expressivity and noise resistance in image classifiers. Code available at https://github.com/shayan223/ND-VAE
Locate the Document
DOI
10.1109/TransAI60598.2023.00018
Persistent Identifier
https://archives.pdx.edu/ds/psu/41277
Publisher
IEEE
Citation Details
Jalalipour, S., & Rekabdar, B. (2023, September 25). Noisy-Defense Variational Auto-Encoder (ND-VAE): An Adversarial Defense Framework to Eliminate Adversarial Attacks. 2023 Fifth International Conference on Transdisciplinary AI (TransAI). https://doi.org/10.1109/transai60598.2023.00018