Open-Set Adversarial Defense

Rui Shao*, Pramuditha Perera, Pong Chi Yuen, Vishal M. Patel

*Corresponding author for this work

Research output: Chapter in book/report/conference proceedingConference proceedingpeer-review

8 Citations (Scopus)

Abstract

Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective of open-set recognition is to identify samples from open-set classes during testing, while adversarial defense aims to defend the network against images with imperceptible adversarial perturbations. In this paper, we show that open-set recognition systems are vulnerable to adversarial attacks. Furthermore, we show that adversarial defense mechanisms trained on known classes do not generalize well to open-set samples. Motivated by this observation, we emphasize the need of an Open-Set Adversarial Defense (OSAD) mechanism. This paper proposes an Open-Set Defense Network (OSDN) as a solution to the OSAD problem. The proposed network uses an encoder with feature-denoising layers coupled with a classifier to learn a noise-free latent feature representation. Two techniques are employed to obtain an informative latent feature space with the objective of improving open-set performance. First, a decoder is used to ensure that clean images can be reconstructed from the obtained latent features. Then, self-supervision is used to ensure that the latent features are informative enough to carry out an auxiliary task. We introduce a testing protocol to evaluate OSAD performance and show the effectiveness of the proposed method in multiple object classification datasets. The implementation code of the proposed method is available at: https://github.com/rshaojimmy/ECCV2020-OSAD.

Original languageEnglish
Title of host publicationComputer Vision – ECCV 2020
Subtitle of host publication16th European Conference, Glasgow, UK, August 23–28, 2020, Proceedings, Part XVII
EditorsAndrea Vedaldi, Horst Bischof, Thomas Brox, Jan-Michael Frahm
PublisherSpringer Science and Business Media Deutschland GmbH
Pages682-698
Number of pages17
Edition1st
ISBN (Electronic)9783030585204
ISBN (Print)9783030585198
DOIs
Publication statusPublished - 19 Nov 2020
Event16th European Conference on Computer Vision, ECCV 2020 - Glasgow, United Kingdom
Duration: 23 Aug 202028 Aug 2020
https://link.springer.com/book/10.1007/978-3-030-58452-8

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12362 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference16th European Conference on Computer Vision, ECCV 2020
Country/TerritoryUnited Kingdom
CityGlasgow
Period23/08/2028/08/20
Internet address

Scopus Subject Areas

  • Theoretical Computer Science
  • General Computer Science

User-Defined Keywords

  • Adversarial defense
  • Open-set recognition

Fingerprint

Dive into the research topics of 'Open-Set Adversarial Defense'. Together they form a unique fingerprint.

Cite this