Details

Autor(en) / Beteiligte

• Dey, Swarnava
• Dasgupta, Pallab
• Chakrabarti, Partha P

Titel

SymDNN: Simple & Effective Adversarial Robustness for Embedded Systems

Ist Teil von

• 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), 2022, p.3598-3608

Ort / Verlag

IEEE

Erscheinungsjahr

2022

Quelle

IEEE/IET Electronic Library (IEL)

Beschreibungen/Notizen

• We propose SymDNN, a Deep Neural Network (DNN) inference scheme, to segment an input image into small patches, replace those patches with representative symbols, and use the reconstructed image for CNN inference. This approach of deconstruction of images, and the reconstruction from cluster centroids trained on clean images, enhances robustness against adversarial attacks. The input transform used in SymDNN is learned from very large datasets, making it difficult to approximate for adaptive adversarial attacks. For example, SymDNN achieves 23% and 42% robust accuracy at L ∞ attack strengths of 8/255 and 4/255 respectively, against BPDA under a complete white box setting, where most input processing based defenses break completely. SymDNN is not a future-proof adversarial defense that can defend any attack, but it is one of the few readily usable defenses in resource-limited embedded systems that defends against a wide range of attacks. Our code is available at: https://github.com/swadeykgp/SymDNN.