Collaborative Defense-GAN for protecting adversarial attacks on classification system

With rapid progress and significant successes in a wide domain of applications, deep learning has been extensively employed for solving complex problems. However, performance of deep learning has been vulnerable to well-designed samples, called adversarial samples. These samples are carefully designed to deceive the deep learning models without human perception. Therefore, vulnerability to adversarial attacks becomes one of the major concerns in life-critical applications of deep learning. In this paper, a novel approach to counter adversarial samples is proposed to strengthen the robustness of a deep learning model. The strategy is to filter the perturbation noise in adversarial samples prior to prediction. The proposed defense framework is based on DiscoGANs to discover the relation between attacker and defender characteristics. Attacker models are created to generate the adversarial samples from the training data, while the defender model is trained to reconstruct original samples from the adversarial samples. These two frameworks are trained to compete with each other in an alternating manner. The experimental results on different attack models are compared with popular defense mechanisms on three benchmark datasets. Our proposed method shows promising results and can improve the robustness on both white-box and black-box attacks including the computation time.