Abstract

Deep neural networks (DNNs) have been applied in various machine learning tasks with the success of deep learning technologies. However, they are surprisingly vulnerable to adversarial examples, which can easily fool them. Because of this weakness, numerous methods have been proposed to eliminate the effect of adversarial examples. Although these methods play a significant role in protecting deep neural networks, most of them share one flaw: they are only effective against certain types of adversarial examples. This paper proposes an ensemble denoiser based on generative adversarial networks (GANs) to protect deep neural networks. The proposed method aims to remove the effect of multiple types of adversarial examples before they are fed into deep neural networks. It is therefore model-independent and does not modify the deep neural networks' parameters. We employ a generative adversarial network to learn multiple mappings between adversarial examples and benign examples. Each mapping behaves differently for different types of adversarial examples, so we integrate these mappings into the final method to defend against multiple types of adversarial examples. Experiments are conducted on the MNIST and CIFAR10 datasets. We compare the proposed method with several excellent existing methods. Results show that the proposed method achieves better performance than the other methods when defending against multiple types of adversarial examples. The code is available at https://github.com/Afreadyang/ensemble-ape-gan
