Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows
We present a target-agnostic adversarial autoencoder with conditional normalizing flows specifically designed to, given any unlabeled image dataset, purify adversarial samples into clean images, i.e., remove adversarial noise from the images while preserving their visual quality. In our model interp...
Gespeichert in:
| Veröffentlicht in: | IEEE open journal of signal processing 2023-01, Vol.4, p.1-9 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 9 |
|---|---|
| container_issue | |
| container_start_page | 1 |
| container_title | IEEE open journal of signal processing |
| container_volume | 4 |
| creator | Ji, Yi Le, Trung-Nghia Nguyen, Huy H. Echizen, Isao |
| description | We present a target-agnostic adversarial autoencoder with conditional normalizing flows specifically designed to, given any unlabeled image dataset, purify adversarial samples into clean images, i.e., remove adversarial noise from the images while preserving their visual quality. In our model interpretation, samples are processed by manifold projection in which the encoder brings the sample back into a posterior data distribution in latent space so that the sample is less likely to be irregular to the learned representation of any target classifier. Normalizing flows conditioned on top of our hybrid network structure and walk-back training are used to deal with common drawbacks of generative model and autoencoder-based approaches: not only the trade-off between compression loss and over-fitting on training data but also the structural model dependency on dataset classes and labels. Experiments demonstrated that our proposed model is preferable to existing target-agnostic adversarial defense methods particularly for large and unlabeled image datasets. |
| doi_str_mv | 10.1109/OJSP.2023.3275053 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_10123077</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10123077</ieee_id><doaj_id>oai_doaj_org_article_8d88827daf114ca2aa12aa7bc8891903</doaj_id><sourcerecordid>2821075024</sourcerecordid><originalsourceid>FETCH-LOGICAL-c355t-4cf668219fb5f4d5943d4292864b3f1f57c860e6d3bf364c491bec9d04ba35ba3</originalsourceid><addsrcrecordid>eNpdUV1LwzAULaLgmPsBgg8Fnzvz2aaPYzidDDdQHyWk-ZgZXTOT1jF_vZkbMny4JJx7zrk3OUlyDcEQQlDezZ9eFkMEEB5iVFBA8VnSQzkhGcQInZ_cL5NBCCsAAKIQRqCXvC86b83ONst0pL60D8JbUafTtVjqkHbhf2PUtU430int061tP9Kxa5RtrWti89n5tajt9140qd02XCUXRtRBD45nP3mb3L-OH7PZ_GE6Hs0yiSltMyJNnjMES1NRQxQtCVYElYjlpMIGGlpIlgOdK1wZnBNJSlhpWSpAKoFprH4yPfgqJ1Z84-1a-B13wvJfwPklF761stacKcYYKpQwEBIpkBAwVlFJxkpYAhy9bg9eG-8-Ox1avnKdj88LHMUdQfxgRCILHljSuxC8Nn9TIeD7UPg-FL4PhR9DiZqbg8ZqrU_4EGFQFPgHzuWIfQ</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2821075024</pqid></control><display><type>article</type><title>Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows</title><source>IEEE Open Access Journals</source><source>DOAJ Directory of Open Access Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Ji, Yi ; Le, Trung-Nghia ; Nguyen, Huy H. ; Echizen, Isao</creator><creatorcontrib>Ji, Yi ; Le, Trung-Nghia ; Nguyen, Huy H. ; Echizen, Isao</creatorcontrib><description>We present a target-agnostic adversarial autoencoder with conditional normalizing flows specifically designed to, given any unlabeled image dataset, purify adversarial samples into clean images, i.e., remove adversarial noise from the images while preserving their visual quality. In our model interpretation, samples are processed by manifold projection in which the encoder brings the sample back into a posterior data distribution in latent space so that the sample is less likely to be irregular to the learned representation of any target classifier. Normalizing flows conditioned on top of our hybrid network structure and walk-back training are used to deal with common drawbacks of generative model and autoencoder-based approaches: not only the trade-off between compression loss and over-fitting on training data but also the structural model dependency on dataset classes and labels. Experiments demonstrated that our proposed model is preferable to existing target-agnostic adversarial defense methods particularly for large and unlabeled image datasets.</description><identifier>ISSN: 2644-1322</identifier><identifier>EISSN: 2644-1322</identifier><identifier>DOI: 10.1109/OJSP.2023.3275053</identifier><identifier>CODEN: IOJSAF</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Adversarial autoencoder ; Adversarial purification ; Coders ; Computational modeling ; Computer architecture ; Data models ; Datasets ; Face recognition ; Image quality ; Neural networks ; normalizing flow ; Purification ; representation learning ; Structural models ; Training</subject><ispartof>IEEE open journal of signal processing, 2023-01, Vol.4, p.1-9</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c355t-4cf668219fb5f4d5943d4292864b3f1f57c860e6d3bf364c491bec9d04ba35ba3</cites><orcidid>0000-0003-4908-1860 ; 0000-0002-7363-2610 ; 0000-0001-9134-9598 ; 0000-0002-2000-7977</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10123077$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>315,781,785,865,2103,27637,27928,27929,54937</link.rule.ids></links><search><creatorcontrib>Ji, Yi</creatorcontrib><creatorcontrib>Le, Trung-Nghia</creatorcontrib><creatorcontrib>Nguyen, Huy H.</creatorcontrib><creatorcontrib>Echizen, Isao</creatorcontrib><title>Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows</title><title>IEEE open journal of signal processing</title><addtitle>OJSP</addtitle><description>We present a target-agnostic adversarial autoencoder with conditional normalizing flows specifically designed to, given any unlabeled image dataset, purify adversarial samples into clean images, i.e., remove adversarial noise from the images while preserving their visual quality. In our model interpretation, samples are processed by manifold projection in which the encoder brings the sample back into a posterior data distribution in latent space so that the sample is less likely to be irregular to the learned representation of any target classifier. Normalizing flows conditioned on top of our hybrid network structure and walk-back training are used to deal with common drawbacks of generative model and autoencoder-based approaches: not only the trade-off between compression loss and over-fitting on training data but also the structural model dependency on dataset classes and labels. Experiments demonstrated that our proposed model is preferable to existing target-agnostic adversarial defense methods particularly for large and unlabeled image datasets.</description><subject>Adversarial autoencoder</subject><subject>Adversarial purification</subject><subject>Coders</subject><subject>Computational modeling</subject><subject>Computer architecture</subject><subject>Data models</subject><subject>Datasets</subject><subject>Face recognition</subject><subject>Image quality</subject><subject>Neural networks</subject><subject>normalizing flow</subject><subject>Purification</subject><subject>representation learning</subject><subject>Structural models</subject><subject>Training</subject><issn>2644-1322</issn><issn>2644-1322</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>RIE</sourceid><sourceid>DOA</sourceid><recordid>eNpdUV1LwzAULaLgmPsBgg8Fnzvz2aaPYzidDDdQHyWk-ZgZXTOT1jF_vZkbMny4JJx7zrk3OUlyDcEQQlDezZ9eFkMEEB5iVFBA8VnSQzkhGcQInZ_cL5NBCCsAAKIQRqCXvC86b83ONst0pL60D8JbUafTtVjqkHbhf2PUtU430int061tP9Kxa5RtrWti89n5tajt9140qd02XCUXRtRBD45nP3mb3L-OH7PZ_GE6Hs0yiSltMyJNnjMES1NRQxQtCVYElYjlpMIGGlpIlgOdK1wZnBNJSlhpWSpAKoFprH4yPfgqJ1Z84-1a-B13wvJfwPklF761stacKcYYKpQwEBIpkBAwVlFJxkpYAhy9bg9eG-8-Ox1avnKdj88LHMUdQfxgRCILHljSuxC8Nn9TIeD7UPg-FL4PhR9DiZqbg8ZqrU_4EGFQFPgHzuWIfQ</recordid><startdate>20230101</startdate><enddate>20230101</enddate><creator>Ji, Yi</creator><creator>Le, Trung-Nghia</creator><creator>Nguyen, Huy H.</creator><creator>Echizen, Isao</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>L7M</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-4908-1860</orcidid><orcidid>https://orcid.org/0000-0002-7363-2610</orcidid><orcidid>https://orcid.org/0000-0001-9134-9598</orcidid><orcidid>https://orcid.org/0000-0002-2000-7977</orcidid></search><sort><creationdate>20230101</creationdate><title>Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows</title><author>Ji, Yi ; Le, Trung-Nghia ; Nguyen, Huy H. ; Echizen, Isao</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c355t-4cf668219fb5f4d5943d4292864b3f1f57c860e6d3bf364c491bec9d04ba35ba3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Adversarial autoencoder</topic><topic>Adversarial purification</topic><topic>Coders</topic><topic>Computational modeling</topic><topic>Computer architecture</topic><topic>Data models</topic><topic>Datasets</topic><topic>Face recognition</topic><topic>Image quality</topic><topic>Neural networks</topic><topic>normalizing flow</topic><topic>Purification</topic><topic>representation learning</topic><topic>Structural models</topic><topic>Training</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ji, Yi</creatorcontrib><creatorcontrib>Le, Trung-Nghia</creatorcontrib><creatorcontrib>Nguyen, Huy H.</creatorcontrib><creatorcontrib>Echizen, Isao</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005–Present</collection><collection>IEEE Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>DOAJ Directory of Open Access Journals</collection><jtitle>IEEE open journal of signal processing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ji, Yi</au><au>Le, Trung-Nghia</au><au>Nguyen, Huy H.</au><au>Echizen, Isao</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows</atitle><jtitle>IEEE open journal of signal processing</jtitle><stitle>OJSP</stitle><date>2023-01-01</date><risdate>2023</risdate><volume>4</volume><spage>1</spage><epage>9</epage><pages>1-9</pages><issn>2644-1322</issn><eissn>2644-1322</eissn><coden>IOJSAF</coden><abstract>We present a target-agnostic adversarial autoencoder with conditional normalizing flows specifically designed to, given any unlabeled image dataset, purify adversarial samples into clean images, i.e., remove adversarial noise from the images while preserving their visual quality. In our model interpretation, samples are processed by manifold projection in which the encoder brings the sample back into a posterior data distribution in latent space so that the sample is less likely to be irregular to the learned representation of any target classifier. Normalizing flows conditioned on top of our hybrid network structure and walk-back training are used to deal with common drawbacks of generative model and autoencoder-based approaches: not only the trade-off between compression loss and over-fitting on training data but also the structural model dependency on dataset classes and labels. Experiments demonstrated that our proposed model is preferable to existing target-agnostic adversarial defense methods particularly for large and unlabeled image datasets.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/OJSP.2023.3275053</doi><tpages>9</tpages><orcidid>https://orcid.org/0000-0003-4908-1860</orcidid><orcidid>https://orcid.org/0000-0002-7363-2610</orcidid><orcidid>https://orcid.org/0000-0001-9134-9598</orcidid><orcidid>https://orcid.org/0000-0002-2000-7977</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 2644-1322 |
| ispartof | IEEE open journal of signal processing, 2023-01, Vol.4, p.1-9 |
| issn | 2644-1322 2644-1322 |
| language | eng |
| recordid | cdi_ieee_primary_10123077 |
| source | IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals |
| subjects | Adversarial autoencoder Adversarial purification Coders Computational modeling Computer architecture Data models Datasets Face recognition Image quality Neural networks normalizing flow Purification representation learning Structural models Training |
| title | Purifying Adversarial Images using Adversarial Autoencoder with Conditional Normalizing Flows |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-17T13%3A35%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Purifying%20Adversarial%20Images%20using%20Adversarial%20Autoencoder%20with%20Conditional%20Normalizing%20Flows&rft.jtitle=IEEE%20open%20journal%20of%20signal%20processing&rft.au=Ji,%20Yi&rft.date=2023-01-01&rft.volume=4&rft.spage=1&rft.epage=9&rft.pages=1-9&rft.issn=2644-1322&rft.eissn=2644-1322&rft.coden=IOJSAF&rft_id=info:doi/10.1109/OJSP.2023.3275053&rft_dat=%3Cproquest_ieee_%3E2821075024%3C/proquest_ieee_%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2821075024&rft_id=info:pmid/&rft_ieee_id=10123077&rft_doaj_id=oai_doaj_org_article_8d88827daf114ca2aa12aa7bc8891903&rfr_iscdi=true |