Adversarial Sample Defense Method Based on Noise Dissolution

The security problems exposed in the rapid development of the Deep Neural Network(DNN)have gradually attracted our attention.However, since adversarial examples were first defined, many adversarial attacks on DNNs have been proposed, and the complexity and weak interpretability of DNNs increases their vulnerability to these attacks.To ensure the universality of our defense methods, in this paper, we propose a defense method against adversarial attacks based on the dissolution of noise.The proposed method takes pre-processing as the basic idea and combines it with the specificity of adversarial examples.Considering the stealthiness and vulnerability of adversarial attacks, we design the process of noise dissolution to destroy the aggressivity and the filtering tolerability of adversarial disturbance, taking advantage of the robustness of DNN. In the subsequent filtering process, we adaptively adjust the filtering range and intensity based on adversarial disturbance contribution and targeted filter adversarial noise.Our method is easy to deploy without modifying DNN. And the experiment results show that the defense success rate on the ImageNet dataset of our method against the classical adversarial attacks L-BFGS, FGSM, Deepfool, JSMA, and C&W is above 80%, and is 9.25, 14.86 and 14.32 percentage point higher than the classical pre-processing defense methods JPEG compression, APE-GAN, and D3, respectively.Our method has a good defense effect and strong universality.