Adversarial Defense Through High Frequency Loss Variational Autoencoder Decoder and Bayesian Update With Collective Voting

In recent years, Deep Neural Network (DNN) approaches for computer vision tasks have shown tremendous promise and potential. However, they are vulnerable to inputs carefully crafted by adversarial attacks, which can cause mis-predictions and raise security risks for real-world deep learning systems. To make DNN-based approaches more robust, we propose a defense strategy based on a High Frequency Loss Variational Autoencoder Decoder (VAE) and randomization among the predictions of multiple post-VAE classifiers. The main contributions of the proposed defense framework are: 1) a new adversarial defense framework that features a randomization process to effectively mitigate adversarial attacks; 2) reconstruction of high-quality images from adversarial samples with a VAE enhanced with a spatial frequency loss; 3) use of a Bayesian process to jointly combine the collective voting results and the targeted classifier's prediction for the final decision. We evaluate our approach and compare it with existing approaches on the CIFAR10 and Fashion-MNIST data sets. The experimental study shows that the proposed method outperforms existing methods.
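The abstract names a Bayesian process that combines the collective vote of the post-VAE classifiers with the targeted classifier's own prediction, but does not state the update rule. The following added example (written for this page, not code from the paper) shows one plausible form of such an update: the targeted classifier's softmax output is used as the prior, and each post-VAE classifier's vote is treated as a noisy observation that names the true class with an assumed probability `p_correct` and any other class uniformly otherwise. The voter model, the value of `p_correct`, the class count and the constructed inputs are all assumptions; the point is to show how a confidently wrong targeted classifier can be overruled once enough independent post-reconstruction votes disagree with it, and how a lone dissenting vote is not enough.

```python
import math
from typing import List, Sequence


def vote_log_likelihood(vote: int, true_class: int, n_classes: int, p_correct: float) -> float:
    """Assumed voter model (not from the paper): a post-VAE classifier reports
    the true class with probability p_correct and otherwise picks one of the
    remaining classes uniformly at random."""
    if vote == true_class:
        return math.log(p_correct)
    return math.log((1.0 - p_correct) / (n_classes - 1))


def bayesian_vote_update(prior: Sequence[float], votes: Sequence[int],
                         p_correct: float = 0.8) -> List[float]:
    """Posterior over classes: prior (targeted classifier's softmax) times the
    likelihood of every vote, computed in log space so that a large voter pool
    cannot underflow the product."""
    n_classes = len(prior)
    if n_classes < 2:
        raise ValueError("need at least two classes")
    if not 0.0 < p_correct < 1.0:
        raise ValueError("p_correct must lie strictly between 0 and 1")
    log_post = []
    for c in range(n_classes):
        # A class the prior rules out entirely stays ruled out (log 0 = -inf).
        lp = math.log(prior[c]) if prior[c] > 0.0 else -math.inf
        for v in votes:
            if not 0 <= v < n_classes:
                raise ValueError(f"vote {v} outside class range")
            lp += vote_log_likelihood(v, c, n_classes, p_correct)
        log_post.append(lp)
    shift = max(log_post)
    if shift == -math.inf:
        raise ValueError("prior assigns zero probability to every class")
    weights = [math.exp(lp - shift) for lp in log_post]
    total = sum(weights)
    return [w / total for w in weights]


def decide(prior: Sequence[float], votes: Sequence[int], p_correct: float = 0.8) -> int:
    """Final label: the class with the highest posterior probability."""
    post = bayesian_vote_update(prior, votes, p_correct)
    return max(range(len(post)), key=post.__getitem__)


def constructed_prior(n_classes: int = 10, fooled_class: int = 3,
                      true_class: int = 7) -> List[float]:
    """Constructed softmax output for a targeted classifier that has been fooled:
    90% on the attacker's class, 5% on the true class, the rest spread evenly."""
    rest = (1.0 - 0.90 - 0.05) / (n_classes - 2)
    prior = [rest] * n_classes
    prior[fooled_class] = 0.90
    prior[true_class] = 0.05
    return prior


if __name__ == "__main__":
    prior = constructed_prior()
    # Four of five post-VAE classifiers see the reconstructed image as class 7.
    print("adversarial, votes [7,7,7,3,7] ->", decide(prior, [7, 7, 7, 3, 7]))
    # Only one dissenter: the targeted classifier's prediction survives.
    print("clean-ish,   votes [3,3,7,3,3] ->", decide(prior, [3, 3, 7, 3, 3]))
```

Two caveats a practitioner should keep in mind with any aggregation of this shape: the voter model assumes the post-VAE classifiers err independently, which is optimistic if they share architecture or training data, and `p_correct` should be estimated on held-out clean data rather than guessed, since it directly sets how many dissenting votes are needed to overturn the prior.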