Review on Image Processing Based Adversarial Example Defenses in Computer Vision

Recent research works showed that deep neural networks are vulnerable to adversarial examples, which are usually maliciously created by carefully adding deliberate and imperceptible perturbations to examples. Several states of the art defense methods are proposed based on the existing image processing methods like image compression and image denoising. However, such approaches are not the final optimal solution for defense adversarial perturbations in DNN models. In this paper, we reviewed two main approaches to deploying image processing methods as a defense. By analyzing and discussing the remaining issues, we present two open questions for future research direction including the definition of adversarial perturbations and noises, the novel defense-aware threat model. A further research direction is also given by re-thinking the impacts of adversarial perturbations on all frequency bands.