PCA improves the adversarial robustness of neural networks

István Megyeri, Ammar Al-Najjar
2022 ESANN 2022 proceedings   unpublished
Deep neural networks perform well in many visual recognition tasks, but they are sensitive to adversarial input perturbation. More robust models can be learned when attacks are applied to the training data or preprocessing is used. However, the effect of preprocessing is frequently underestimated and it has not received sufficient attention as it usually does not affect the network's clean accuracy. Here, we seek to demonstrate that preprocessing can play a role in improving adversarial
... ss. Our empirical results show that principal component analysis, a simple yet effective preprocessing method, can significantly improve neural networks' robustness for both regular and adversarial training.
doi:10.14428/esann/2022.es2022-96 fatcat:gjompzb6z5fcxb5zwreztlzceu