We propose an adversarial defense method that achieves state-of-the-art performance among attack-agnostic adversarial defense methods while also maintaining robustness to input resolution, scale of adversarial perturbation, and scale of dataset size. Based on convolutional sparse coding, we construct a stratified low-dimensional quasi-natural image space that faithfully approximates the natural image space while also removing adversarial perturbations. We introduce a novel Sparse Transformation Layer (STL) in between the input image and the first layer of the neural network to efficiently project images into our quasi-natural image space. Our experiments show state-of-the-art performance of our method compared to other attack-agnostic adversarial defense methods in various adversarial settings.
@article{arxiv.1812.00037,
title = {Adversarial Defense by Stratified Convolutional Sparse Coding},
author = {Bo Sun and Nian-hsuan Tsai and Fangchen Liu and Ronald Yu and Hao Su},
journal= {arXiv preprint arXiv:1812.00037},
year = {2019}
}