-
[pdf]
[supp]
[bibtex]@InProceedings{Cha_2024_WACV, author = {Cha, Sungmin and Ko, Naeun and Choi, Heewoong and Yoo, Youngjoon and Moon, Taesup}, title = {NCIS: Neural Contextual Iterative Smoothing for Purifying Adversarial Perturbations}, booktitle = {Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)}, month = {January}, year = {2024}, pages = {3789-3799} }
NCIS: Neural Contextual Iterative Smoothing for Purifying Adversarial Perturbations
Abstract
We propose a novel and effective purification-based adversarial defense method against pre-processor blind white- and black-box attacks, without requiring any adversarial training or retraining of the classification model. Based on the observation of the adversarial noise, we propose a simple iterative Gaussian Smoothing (GS) that smoothes out adversarial noise and achieves substantially high robust accuracy. To further improve the method, we propose Neural Contextual Iterative Smoothing (NCIS), which trains a blind-spot network (BSN) in a self-supervised manner to reconstruct the discriminative features of the smoothed original image. From the extensive experiments on the large-scale ImageNet, we show that our method achieves both competitive standard accuracy and state-of-the-art robust accuracy against most strong purifier-blind white- and black-box attacks. Also, we propose a new evaluation benchmark based on commercial image classification APIs, including AWS, Azure, Clarifai, and Google, and demonstrate that users can use our method to increase the adversarial robustness of APIs.
Related Material