Efficient Key-Based Adversarial Defense for ImageNet by Using Pre-Trained Models

• Published in: IEEE open journal of signal processing Vol. 5; pp. 902 - 913
• Main Authors: MaungMaung, AprilPyone, Echizen, Isao, Kiya, Hitoshi
• Format: Journal Article
• Language: English
• Published: New York IEEE 2024; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Adaptation models; Adversarial defense; Artificial intelligence; Computational modeling; Datasets; fine-tuning; Image classification; Image edge detection; image encryption; key-based defense; Perturbation methods; pre-trained models; Predictive models; Training
• ISSN: 2644-1322; 2644-1322
• DOI: 10.1109/OJSP.2024.3419569

In this paper, we propose key-based defense model proliferation by leveraging pre-trained models and utilizing recent efficient fine-tuning techniques on ImageNet-1 k classification. First, we stress that deploying key-based models on edge devices is feasible with the latest model deployment advancements, such as Apple CoreML, although the mainstream enterprise edge artificial intelligence (Edge AI) has been focused on the Cloud. Then, we point out that the previous key-based defense on on-device image classification is impractical for two reasons: (1) training many classifiers from scratch is not feasible, and (2) key-based defenses still need to be thoroughly tested on large datasets like ImageNet. To this end, we propose to leverage pre-trained models and utilize efficient fine-tuning techniques to proliferate key-based models even on limited compute resources. Experiments were carried out on the ImageNet-1 k dataset using adaptive and non-adaptive attacks. The results show that our proposed fine-tuned key-based models achieve a superior classification accuracy (more than 10% increase) compared to the previous key-based models on classifying clean and adversarial examples.