Deblurring as a Defense against Adversarial Attacks

The increased use of image classification models and the prevalence of autonomous vehicles on roads has sparked a conversation regarding protecting these tools from adversarial attacks. Much of the existing research focuses on investigating potential methods of detecting and removing adversarial gradients during the model training phase, which can negatively affect the accuracy of learning models. However, how to best protect the learning model once it has been trained and is in use becomes an emerging yet significant problem that has yet to be touched upon. In this paper, we investigate the potential use of Artificial Intelligence (AI) deblurring as a defense strategy to protect against adversarial gradients, which is model and attack-independent. Specifically, we propose a multi-part input transformation-based adversarial defense that utilizes blurring, contrast adjustment, and AI deblurring to remove adversarial gradients from images without significantly increasing classification time. By using AI deblurring in conjunction with blurring and contrast adjustment, we can mitigate the amount of feature data lost due to using higher standard deviations for our blur kernel. Our approach results in better denoising than what would have been possible by simply using blurring, leading to improved classification accuracy.