| Presentation | 2021-03-05 Towards Adversarial Robustness of Learning in the Frequency Domain Subhajit Chaudhury, Toshihiko Yamasaki, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Adversarial attacks study the effect of noise on the robustness of Convolutional Neural Networks (CNNs). Typically, these works have shown that CNNs can be easily fooled by simply adding small imperceptible noise in the RGB color space that cannot be detected by humans. In this paper, we study the effect of adversarial attacks in the frequency domain and show that such attacks are rendered weaker due to frequency domain transformations. We argue that learning CNNs in the frequency domain disentangles frequencies corresponding to semantic and adversarial features. Due to this property, CNNs learned in the frequency domain can selectively put less focus on the adversarial features resulting in a robust performance in the presence of adversarial noise. We performed experiments on multiple datasets and show that CNNs trained on Discrete Cosine Transform (DCT) inputs show significantly better noise robustness to many varieties of adversarial noise compared to standard CNNs learned on RGB/Grayscale input. From this result, we urge the research community towards exploring frequency domain learning as a potential novel area to improve neural network robustness to test-time noise. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Adversarial AttacksDiscrete Cosine TransformsDefense against Adversarial Attacks |
| Paper # | PRMU2020-100 |
| Date of Issue | 2021-02-25 (PRMU) |
| Conference Information | |
| Committee | PRMU / IPSJ-CVIM |
|---|---|
| Conference Date | 2021/3/4(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Online |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Computer Vision and Pattern Recognition for specific environment |
| Chair | Yoichi Sato(Univ. of Tokyo) |
| Vice Chair | Akisato Kimura(NTT) / Masakazu Iwamura(Osaka Pref. Univ.) |
| Secretary | Akisato Kimura(Mobility Technologies) / Masakazu Iwamura(Chubu Univ.) |
| Assistant | Takashi Shibata(NTT) / Masashi Nishiyama(Tottori Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Pattern Recognition and Media Understanding / Special Interest Group on Computer Vision and Image Media |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Towards Adversarial Robustness of Learning in the Frequency Domain |
| Sub Title (in English) | |
| Keyword(1) | Adversarial AttacksDiscrete Cosine TransformsDefense against Adversarial Attacks |
| 1st Author's Name | Subhajit Chaudhury |
| 1st Author's Affiliation | The University of Tokyo(UTokyo) |
| 2nd Author's Name | Toshihiko Yamasaki |
| 2nd Author's Affiliation | The University of Tokyo(UTokyo) |
| Date | 2021-03-05 |
| Paper # | PRMU2020-100 |
| Volume (vol) | vol.120 |
| Number (no) | PRMU-409 |
| Page | pp.pp.176-180(PRMU), |
| #Pages | 5 |
| Date of Issue | 2021-02-25 (PRMU) |