Defense against adversarial examples based on wavelet domain analysis

In recent years, machine learning and deep learning, in particular, have shown powerful performance on different challenging tasks. However, research has shown that deep learning systems can be vulnerable to malicious inputs modified by perturbations crafted to be imperceptible to humans. These adversarial examples can fool the classifier into misclassifying them with high confidence, limiting the applications of deep learning systems, especially where guaranteeing the security of the learning model is necessary. In this paper, we propose a two-level defense method consisting of adversarial detection and input data reconstruction modules against adversarial attacks. The detector differentiates between normal and adversarial examples fed to a deep image classification model, and the reconstructor transforms the detected adversarial images to their corresponding normal samples. Both detection and reconstruction modules are novel and fast signal processing-based techniques depending on analyzing the attacks in the wavelet domain. We show that our defense method is effective against the most state-of-the-art attacks with neither modifying the protected classifier nor utilizing any deep learning model that could be exposed to attacks itself.