Defending machine learning models against adversarial attacks using GANs
Abstract
We have used a Generative Adversarial Network (GAN) to defend against adversarial attacks. Pixel-wise and perceptual distance measures for images are used in the GAN training. We have used five different distance measures in the GAN training: reconstruction error, Structural Similarity (SSIM), Multi-Scale SSIM, Peak Signal-to-Noise Ratio (PSNR), and Frechet Inception Distance (FID). Although the accuracies achieved against adversarial attacks with the proposed idea are not on par with state-of-the-art approaches such as [38], the generator trained using FID is able to generate good quality images in fewer iterations. Using only a perceptual distance measure in the cost function does not guarantee the convergence of GAN training.
Collections
- M Tech Dissertations [923]