RCA-SOC: A novel adversarial defense by refocusing on critical areas and strengthening object contours

Abstract: The success of deep learning is largely attributed to its representation capability, especially in computer vision tasks. However, recent studies have shown that deep neural networks (DNNs) are often vulnerable to adversarial attacks. Because adversarial perturbations are usually imperceptible to the human visual system, we compare clean and adversarial examples through a visualization of the model's hidden features, i.e. heatmaps, to determine the common ground of various attacks. It was observed that adversarial examples generated by various attack methods fool DNNs by scattering the critical areas of the image and blurring object contours. Inspired by these findings, we created a direct but effective defense by Refocusing on Critical Areas and Strengthening Object Contours, or RCA-SOC for short. It is a pixel attention weight-based defense composed of a pixel channel attention and a pixel plane attention. The pixel channel attention reconstructs the critical areas of the image, while the pixel plane attention strengthens object contours. The effect of RCA-SOC against different attacks was demonstrated on scalable models and datasets. Furthermore, current state-of-the-art defense methods were shown to improve when cascaded with RCA-SOC. To demonstrate its practical application, RCA-SOC also showed its effectiveness in a case study of not suitable for work (NSFW) recognition.
