Heatmap-Aware Low-Cost Design to Resist Adversarial Attacks: Work-in-Progress

Abstract

It is a challenging task to resist adversarial attacks due to the imperceptibility of adversarial examples. The passive defense method is developed based on a series of input transformations and has achieved a promising result, which however suffers from a high computation cost. In this paper, we design a new heatmap-aware method to defend adversarial attacks, leading to a significant decrease in the time cost. To be specific, we compute the classification importance from each part of the input to obtain the heatmap of the data, and the key areas of classification are extracted according to the heatmap. A series of transformations are applied to the key areas of the classification, which reduces the amount of data to be processed and thus reduces the time cost. A set of preliminary experiments are conducted to testify the effectiveness of the proposed approach.