DPC: Dynamic purification chain for adaptive adversarial defense.
Zeshan Pang, Yuyuan Sun, Rongtao Liao, Xuehu Yan, Shasha Guo, Yuliang Lu
While deep learning models are playing an increasingly important role in human society, they remain susceptible to adversarial attacks. Recent studies on adversarial purification, which preprocesses data using transformations to eliminate adversarial perturbations, have shown great promise. However, strong adversaries with access to defense parameters can bypass existing adversarial purification methods. To address this challenge, we propose the Dynamic Purification Chain (DPC) to defend against strong adaptive adversarial attacks. DPC combines pixel and geometric transformations to eliminate adversarial perturbations. Furthermore, the chain is dynamically constructed using a feedback algorithm to avoid over-purification. Experiments on CIFAR-10, CIFAR-100, and Imagenette demonstrate the superior performance of the proposed method under strong adaptive attacks while maintaining high accuracy on clean data. The code is available at https://github.com/PangZe3/DPC.