Volume 15, Number 2

Immunizing Image Classifiers Against Localized Adversary Attacks

  Authors

Henok Ghebrechristos and Gita Alaghband, University of Colorado-Denver, Colorado

  Abstract

This paper addresses the vulnerability of deep learning models, particularly convolutional neural networks (CNNs), to adversarial attacks and presents a proactive training technique designed to counter them. We introduce a novel volumization algorithm, which transforms 2D images into 3D volumetric representations. When combined with 3D convolution and deep curriculum learning optimization (CLO), it significantly improves the immunity of models against localized universal attacks by up to 40%. We evaluate our proposed approach using contemporary CNN architectures and the modified Canadian Institute for Advanced Research (CIFAR-10 and CIFAR-100) and ImageNet Large Scale Visual Recognition Challenge (ILSVRC12) datasets, showcasing accuracy improvements over previous techniques. The results indicate that the combination of the volumetric input and curriculum learning holds significant promise for mitigating adversarial attacks without necessitating adversary training.

  Keywords

Convolutional Neural Network, Adversary Attack, Deep Learning, Volumization, Adversary Defense, Curriculum Learning.