The Defense of Adversarial Example with Conditional Generative Adversarial Networks

Abstract EN

Deep neural network approaches have made remarkable progress in many machine learning tasks.

However, the latest research indicates that they are vulnerable to adversarial perturbations.

An adversary can easily mislead the network models by adding well-designed perturbations to the input.

The cause of the adversarial examples is unclear.

Therefore, it is challenging to build a defense mechanism.

In this paper, we propose an image-to-image translation model to defend against adversarial examples.

The proposed model is based on a conditional generative adversarial network, which consists of a generator and a discriminator.

The generator is used to eliminate adversarial perturbations in the input.

The discriminator is used to distinguish generated data from original clean data to improve the training process.

In other words, our approach can map the adversarial images to the clean images, which are then fed to the target deep learning model.

The defense mechanism is independent of the target model, and the structure of the framework is universal.

A series of experiments conducted on MNIST and CIFAR10 show that the proposed method can defend against multiple types of attacks while maintaining good performance.