A Neo Adversarial Examples Defense Method \\Through Spatial Transformer Networks

Li PengBo; Zhang DongMei

Chinese︱Feedback︱Save this page

• Elaborating Academic Views 　　　　 • Exchanging Innovative Ideas
• Protecting Intellectual Properties 　　• Fast Sharing Science Papers

Sponsored by the Center for Science and Technology Development of the Ministry of Education
Supervised by Ministry of Education of the People's Republic of China

Home > Papers

A Neo Adversarial Examples Defense Method \\Through Spatial Transformer Networks

Li PengBo, Zhang DongMei *

School of Computer Science(National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876

*Correspondence author

#Submitted by

Subject:

Funding: none

Opened online:24 March 2022

Accepted by: none

Citation: Li PengBo, Zhang DongMei.A Neo Adversarial Examples Defense Method \\Through Spatial Transformer Networks[OL]. [24 March 2022] http://en.paper.edu.cn/en_releasepaper/content/4757007

In recent years, deep neural networks (DNNs) have achieved high accuracy in image recognition tasks. However, they have been demonstrated to be vulnerable to adversarial examples. This work proposes a spatial transformation defense method to defend adversarial examples. The method is to add spatial transformer networks (STNs) before the classification model. The STNs utilize the attention mechanism to extract the area of interest of the classification model and transform it to another vector space. Spatial transformation maintains the basic structure information of the original images while mitigates the effect of adversarial perturbations. The experiments prove that the proposed spatial transformation method is effective at defending against both single-step and iterative attacks. Combining the proposed method with an adversarially trained model achieves better defense effect against single-step attacks, while combining the proposed method with the randomization defense method achieves better defense effect under completely white box scenario.

Keywords:Artificial Intelligence；Deep Learning；Adversarial Examples；Spatial Transformer Networks

For this paper

● PDF (0B)
● Revision 0 　　
● Print this paper
● Recommend this paper to a friend
● Add to my favorite list

Saved Papers

Please enter a name for this paper to be shown in your personalized Saved Papers list

Tags

Add yours

Related Papers

Statistics

PDF Downloaded	11
Bookmarked	0
Recommend	0
Comments	Array

Submit your papers

Alert Name:
Alerting to:
Authentication email will be sent to your email address in 24 hours
Frequency:
Email Message Format:	Plain text Graphical(HTML)

Complete the form below and we will recommend the selected titles to your friends on your behalf. * Indicates a required field.
Your name*:
Your email address*:
Recipient's name*:
Recipient's email address*:
(multiple recipient's names and email addresses should be separated with semicolons)
Your comments:	I thought you would find the page(s) useful.

Your name:
Your email address:
Recipient's name:
Recipient's email address:
(multiple recipient's names and email addresses should be separated with semicolons)
Your comments:	I thought you would find this page useful.

Disclaimer: This message was sent to your friend using the "Send it to a friend" facility on the Sciencepaper Online’ WWW site, http://www.paper.edu.cn/en. The Sciencepaper Online is not responsible for the content of this email, and anything said in this email does not necessarily reflect the Sciencepaper Online's views.

	Check out RSS, or use RSS reader to subscribe this item

Saved Papers