2021 IEEE International Conference on Image Processing
19-22 September 2021 • Anchorage, Alaska, USA
Imaging Without Borders
| Paper ID | SS-MMSDF-2.6 | ||
| Paper Title | ERROR DIFFUSION HALFTONING AGAINST ADVERSARIAL EXAMPLES | ||
| Authors | Shao-Yuan Lo, Vishal Patel, Johns Hopkins University, United States | ||
| Session | SS-MMSDF-2: Special Session: AI for Multimedia Security and Deepfake 2 | ||
| Location | Area A | ||
| Session Time: | Tuesday, 21 September, 15:30 - 17:00 | ||
| Presentation Time: | Tuesday, 21 September, 15:30 - 17:00 | ||
| Presentation | Poster | ||
| Topic | Applications of Machine Learning: Machine learning for information forensics and security | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | Adversarial examples contain carefully crafted perturbations that can fool deep neural networks (DNNs) into making wrong predictions. Enhancing the adversarial robustness of DNNs has gained considerable interest in recent years. Although image transformation-based defenses were widely considered at an earlier time, most of them have been defeated by adaptive attacks. In this paper, we propose a new image transformation defense based on error diffusion halftoning, and combine it with adversarial training to defend against adversarial examples. Error diffusion halftoning projects an image into a 1-bit space and diffuses quantization error to neighboring pixels. This process can remove adversarial perturbations from a given image while maintaining acceptable image quality in the meantime in favor of recognition. Experimental results demonstrate that the proposed method is able to improve adversarial robustness even under advanced adaptive attacks, while most of the other image transformation-based defenses do not. We show that a proper image transformation can still be an effective defense approach. Code: https://github.com/shaoyuanlo/Halftoning-Defense | ||