Abstract

Visual classification algorithms based on Deep Neural Networks (DNNs) have been widely adopted in autonomous vehicle design. However, DNNs suffer from adversarial attacks, including pixel attacks and patch attacks, and their adoption may introduce new vulnerabilities into such security-critical scenarios. Existing defense techniques focus on only one category, either pixel attacks or patch attacks, and do not translate to the other. Hence, designing a practical, comprehensive, real-time defense algorithm for DNN-based classifiers is a challenging task in this adversarial context. This paper attempts to address the above-mentioned problem by combining Compressive Sensing with Generative neural networks (CSG) to construct an efficient defense framework, together with a proposed classifier-aware adversarial training method. Extensive experiments have been conducted using the LISA road sign dataset to evaluate the performance of CSG. The results show its superiority in comprehensively defending against adversarial examples generated using attacks including CW-L2, FGSM and Sticker, compared with other state-of-the-art defense techniques.
