Defend Against Adversarial Samples By Using Perceptual Hash
Image classifiers based on Deep Neural Networks (DNNs) have been shown to be easily fooled by well-designed perturbations. Previous defense methods are limited by requiring expensive computation or reducing the accuracy of the classifiers. In this paper, we propose a novel method based on perceptual hashing which appends an extra judgment layer and time layer to all DNNs. Our main purpose is to disrupt the perturbation-generation process by comparing the similarity of images. To validate our idea, we defended against two main attack methods (a white-box attack and a black-box attack) on different DNNs and show that, with our defense method, the attack-success-rate for all DNNs decreases significantly. More specifically, for the white-box attack, the attack-success-rate is reduced by an average of 36.3%. For the black-box attack, the average attack-success-rate of the targeted attack and the non-targeted attack is reduced by 72.8% and 76.7% respectively. The proposed method is simple and effective, and provides a new way to defend against adversarial samples.
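The sketch below is an added example, not code from the paper: it shows one way a perceptual-hash similarity check in front of a classifier could flag a run of near-identical queries. The abstract does not specify the hash or how the judgment and time layers behave, so the average hash, the Hamming threshold, the time window and the names `SimilarityGuard` and `check` are all assumptions.

```python
from collections import deque

def downscale(img, size=8):
    """Block-average a square grayscale image whose side is a multiple of size."""
    step = len(img) // size
    return [[sum(img[y][x] for y in range(r * step, (r + 1) * step)
                 for x in range(c * step, (c + 1) * step)) / step ** 2
             for c in range(size)] for r in range(size)]

def average_hash(img):
    """64-bit average hash: one bit per cell, set when the cell is above the mean."""
    cells = [v for row in downscale(img) for v in row]
    mean = sum(cells) / len(cells)
    bits = 0
    for v in cells:
        bits = (bits << 1) | (v > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

class SimilarityGuard:
    """Assumed policy: flag a query that is a near-duplicate of a recent one."""
    def __init__(self, max_distance=4, window_seconds=60.0):
        self.max_distance = max_distance
        self.window = window_seconds
        self.recent = deque()  # (timestamp, hash), oldest first

    def check(self, img, now):
        h = average_hash(img)
        while self.recent and now - self.recent[0][0] > self.window:
            self.recent.popleft()  # forget queries outside the time window
        flagged = any(hamming(h, old) <= self.max_distance for _, old in self.recent)
        self.recent.append((now, h))
        return flagged

# Constructed 32x32 sample inputs (not data from the paper).
BASE = [[8 * x for x in range(32)] for _ in range(32)]   # horizontal gradient
PERTURBED = [[min(255, max(0, v + (2 if (x + y) % 2 == 0 else -2)))
              for x, v in enumerate(row)] for y, row in enumerate(BASE)]
OTHER = [[8 * y for _ in range(32)] for y in range(32)]  # vertical gradient

if __name__ == "__main__":
    guard = SimilarityGuard()
    for name, img, t in [("base", BASE, 0.0), ("perturbed", PERTURBED, 1.0),
                         ("other", OTHER, 2.0), ("perturbed later", PERTURBED, 500.0)]:
        print(name, guard.check(img, t))
```

A small pixel-level perturbation leaves the hash unchanged, so the second query is flagged, while an unrelated image or the same image outside the window is not.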
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Articles published by TSP are under an Open Access license, which means all articles published by TSP are accessible online free of charge and free of technical and legal barriers to everyone. Published materials can be re-used if properly acknowledged and cited. Open Access publication is supported by the authors' institutes or research funding agencies by payment of a comparatively low Article Processing Charge (APC) for accepted articles.