Li, Yi and Angelov, Plamen and Suri, Neeraj (2024) Rethinking Self-Supervised Learning for Cross-Domain Adversarial Sample Recovery. In: 2024 International Joint Conference on Neural Networks (IJCNN). IEEE, JPN. ISBN 9798350359329
IJCNN_2024_1_.pdf - Accepted Version
Available under License Creative Commons Attribution.
Abstract
Adversarial attacks can cause misclassification in machine learning pipelines, posing a significant safety risk in critical applications such as autonomous systems or medical applications. Supervised learning-based methods for adversarial sample recovery rely heavily on large volumes of labeled data, which often results in substantial performance degradation when applying the trained model to new domains. In this paper, differing from conventional self-supervised learning techniques such as data augmentation, we present a novel two-stage self-supervised representation learning framework for the task of adversarial sample recovery, aimed at overcoming these limitations. In the first stage, we employ a clean image autoencoder (CAE) to learn representations of clean images. Subsequently, the second stage utilizes an adversarial image autoencoder (AAE) to learn a shared latent space that captures the relationships between the representations acquired by CAE and AAE. It is noteworthy that the input clean images in the first stage and adversarial images in the second stage are cross-domain and not paired. To the best of our knowledge, this marks the first instance of self-supervised adversarial sample recovery work that operates without the need for labeled data. Our experimental evaluations, spanning a diverse range of images, consistently demonstrate the superior performance of the proposed method compared to conventional adversarial sample recovery methods.