Loughborough University
Browse

A divide-and-conquer reconstruction method for defending against adversarial example attacks

Download (3.18 MB)
journal contribution
posted on 2025-05-13, 09:20 authored by Xiyao Liu, Jiaxin Hu, Qingying Yang, Ming Jiang, Jianbiao He, Hui FangHui Fang

In recent years, defending against adversarial examples has gained significant importance, leading to a growing body of research in this area. Among these studies, pre-processing defense approaches have emerged as a prominent research direction. However, existing adversarial example pre-processing techniques often employ a single pre-processing model to counter different types of adversarial attacks. Such a strategy may miss the nuances between different types of attacks, limiting the comprehensiveness and effectiveness of the defense strategy. To address this issue, we propose a divide-and-conquer reconstruction pre-processing algorithm via multi-classification and multi-network training to more effectively defend against different types of mainstream adversarial attacks. The premise and challenge of the divide-and-conquer reconstruction defense is to distinguish between multiple types of adversarial attacks. Our method designs an adversarial attack classification module that exploits the high-frequency information differences between different types of adversarial examples for their multi-classification, which can hardly be achieved by existing adversarial example detection methods. In addition, we construct a divide-and-conquer reconstruction module that utilizes different trained image reconstruction models for each type of adversarial attack, ensuring optimal defense effectiveness. Extensive experiments show that our proposed divide-and-conquer defense algorithm exhibits superior performance compared to state-of-the-art pre-processing methods.

Funding

Science and Technology Innovation Program of Hunan Province (No. 2022GK5002, 2024JK2015, 2024JJ5440)

Special Foundation for Distinguished Young Scientists of Changsha (No. kq2209003)

Foreign Expert Project of China (No. G2023041039L)

The 111 Project (No. D23006)

The High Performance Computing Center of Central South University

History

School

  • Science

Published in

Visual Intelligence

Volume

2

Issue

1

Publisher

Springer Nature

Version

  • VoR (Version of Record)

Rights holder

© The Author(s)

Publisher statement

This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Acceptance date

2024-08-30

Publication date

2024-10-09

Copyright date

2024

DOI

eISSN

2731-9008

Publisher version

Language

  • en

Depositor

Dr Hui Fang. Deposit date: 25 January 2025

Article number

30

Usage metrics

    Loughborough Publications

    Categories

    No categories selected

    Keywords

    Adversarial example defenseDivide-and-conquer strategyAdversarial attack multi-classificationReconstruction network

    Licence

    CC BY 4.0

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC