Purifying Adversarial Examples Using an Autoencoder

Thijs van Weezel; Famke van Ree; Tychon Bos; Patrick Bastiaanssen; Sibylle Hess

doi:10.1007/978-3-031-78980-9_9

Purifying Adversarial Examples Using an Autoencoder

Thijs van Weezel (Corresponderende auteur)
, Famke van Ree
, Tychon Bos
, Patrick Bastiaanssen
, Sibylle Hess

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

Samenvatting

One of the most prominent security challenges to neural networks are adversarial examples - inputs with often barely perceptible perturbations causing misclassification. In this study, we propose a defense mechanism that uses an autoencoder to restore adversarial examples before classification. That is, the autoencoder purifies input data points from potential adversarial perturbations. The method is titled Autoencoder-based Adversarial Purification (AAP). We demonstrate the effectiveness of AAP on multiple datasets, attack methods, and perturbation levels. While certain limitations exist, this research offers valuable insights and a promising direction for robust defense mechanisms in adversarial deep learning.

Originele taal-2	Engels
Titel	Discovery Science - 27th International Conference, DS 2024, Proceedings
Redacteuren	Dino Pedreschi, Anna Monreale, Riccardo Guidotti, Francesca Naretto, Roberto Pellungrini
Uitgeverij	Springer
Pagina's	134-148
Aantal pagina's	15
ISBN van elektronische versie	9783031789809
ISBN van geprinte versie	9783031789793
DOI's	https://doi.org/10.1007/978-3-031-78980-9_9
Status	Gepubliceerd - 25 jan. 2025
Evenement	27th International Conference on Discovery Science, DS 2024 - Pisa, Italië Duur: 14 okt. 2024 → 16 okt. 2024

Publicatie series

Naam	Lecture Notes in Computer Science
Volume	15244
ISSN van geprinte versie	0302-9743
ISSN van elektronische versie	1611-3349

Naam	Lecture Notes in Artificial Intelligence
Volume	15244

Congres

Congres	27th International Conference on Discovery Science, DS 2024
Land/Regio	Italië
Stad	Pisa
Periode	14/10/24 → 16/10/24

Bibliografische nota

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

Toegang tot document

10.1007/978-3-031-78980-9_9

Andere bestanden en links

Link naar publicatie in Scopus

Citeer dit

van Weezel, T., van Ree, F., Bos, T., Bastiaanssen, P., & Hess, S. (2025). Purifying Adversarial Examples Using an Autoencoder. In D. Pedreschi, A. Monreale, R. Guidotti, F. Naretto, & R. Pellungrini (editors), Discovery Science - 27th International Conference, DS 2024, Proceedings (blz. 134-148). (Lecture Notes in Computer Science; Vol. 15244), (Lecture Notes in Artificial Intelligence; Vol. 15244). Springer. https://doi.org/10.1007/978-3-031-78980-9_9

van Weezel, Thijs ; van Ree, Famke ; Bos, Tychon et al. / Purifying Adversarial Examples Using an Autoencoder. Discovery Science - 27th International Conference, DS 2024, Proceedings. redacteur / Dino Pedreschi ; Anna Monreale ; Riccardo Guidotti ; Francesca Naretto ; Roberto Pellungrini. Springer, 2025. blz. 134-148 (Lecture Notes in Computer Science). (Lecture Notes in Artificial Intelligence).

@inproceedings{2a163538c0bd40c38d5c121fb1137dce,

title = "Purifying Adversarial Examples Using an Autoencoder",

abstract = "One of the most prominent security challenges to neural networks are adversarial examples - inputs with often barely perceptible perturbations causing misclassification. In this study, we propose a defense mechanism that uses an autoencoder to restore adversarial examples before classification. That is, the autoencoder purifies input data points from potential adversarial perturbations. The method is titled Autoencoder-based Adversarial Purification (AAP). We demonstrate the effectiveness of AAP on multiple datasets, attack methods, and perturbation levels. While certain limitations exist, this research offers valuable insights and a promising direction for robust defense mechanisms in adversarial deep learning.",

keywords = "adversarial attack, autoencoder, purification",

author = "\{van Weezel\}, Thijs and \{van Ree\}, Famke and Tychon Bos and Patrick Bastiaanssen and Sibylle Hess",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 27th International Conference on Discovery Science, DS 2024 ; Conference date: 14-10-2024 Through 16-10-2024",

year = "2025",

month = jan,

day = "25",

doi = "10.1007/978-3-031-78980-9\_9",

language = "English",

isbn = "9783031789793",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "134--148",

editor = "Dino Pedreschi and Anna Monreale and Riccardo Guidotti and Francesca Naretto and Roberto Pellungrini",

booktitle = "Discovery Science - 27th International Conference, DS 2024, Proceedings",

address = "Germany",

}

van Weezel, T, van Ree, F, Bos, T, Bastiaanssen, P & Hess, S 2025, Purifying Adversarial Examples Using an Autoencoder. in D Pedreschi, A Monreale, R Guidotti, F Naretto & R Pellungrini (reds.), Discovery Science - 27th International Conference, DS 2024, Proceedings. Lecture Notes in Computer Science, vol. 15244, Lecture Notes in Artificial Intelligence, vol. 15244, Springer, blz. 134-148, 27th International Conference on Discovery Science, DS 2024, Pisa, Italië, 14/10/24. https://doi.org/10.1007/978-3-031-78980-9_9

Purifying Adversarial Examples Using an Autoencoder. / van Weezel, Thijs (Corresponderende auteur); van Ree, Famke; Bos, Tychon et al.
Discovery Science - 27th International Conference, DS 2024, Proceedings. reds. / Dino Pedreschi; Anna Monreale; Riccardo Guidotti; Francesca Naretto; Roberto Pellungrini. Springer, 2025. blz. 134-148 (Lecture Notes in Computer Science; Vol. 15244), (Lecture Notes in Artificial Intelligence; Vol. 15244).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - Purifying Adversarial Examples Using an Autoencoder

AU - van Weezel, Thijs

AU - van Ree, Famke

AU - Bos, Tychon

AU - Bastiaanssen, Patrick

AU - Hess, Sibylle

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025/1/25

Y1 - 2025/1/25

N2 - One of the most prominent security challenges to neural networks are adversarial examples - inputs with often barely perceptible perturbations causing misclassification. In this study, we propose a defense mechanism that uses an autoencoder to restore adversarial examples before classification. That is, the autoencoder purifies input data points from potential adversarial perturbations. The method is titled Autoencoder-based Adversarial Purification (AAP). We demonstrate the effectiveness of AAP on multiple datasets, attack methods, and perturbation levels. While certain limitations exist, this research offers valuable insights and a promising direction for robust defense mechanisms in adversarial deep learning.

AB - One of the most prominent security challenges to neural networks are adversarial examples - inputs with often barely perceptible perturbations causing misclassification. In this study, we propose a defense mechanism that uses an autoencoder to restore adversarial examples before classification. That is, the autoencoder purifies input data points from potential adversarial perturbations. The method is titled Autoencoder-based Adversarial Purification (AAP). We demonstrate the effectiveness of AAP on multiple datasets, attack methods, and perturbation levels. While certain limitations exist, this research offers valuable insights and a promising direction for robust defense mechanisms in adversarial deep learning.

KW - adversarial attack

KW - autoencoder

KW - purification

UR - https://www.scopus.com/pages/publications/85219196330

U2 - 10.1007/978-3-031-78980-9_9

DO - 10.1007/978-3-031-78980-9_9

M3 - Conference contribution

AN - SCOPUS:85219196330

SN - 9783031789793

T3 - Lecture Notes in Computer Science

SP - 134

EP - 148

BT - Discovery Science - 27th International Conference, DS 2024, Proceedings

A2 - Pedreschi, Dino

A2 - Monreale, Anna

A2 - Guidotti, Riccardo

A2 - Naretto, Francesca

A2 - Pellungrini, Roberto

PB - Springer

T2 - 27th International Conference on Discovery Science, DS 2024

Y2 - 14 October 2024 through 16 October 2024

ER -

van Weezel T, van Ree F, Bos T, Bastiaanssen P, Hess S. Purifying Adversarial Examples Using an Autoencoder. In Pedreschi D, Monreale A, Guidotti R, Naretto F, Pellungrini R, redacteurs, Discovery Science - 27th International Conference, DS 2024, Proceedings. Springer. 2025. blz. 134-148. (Lecture Notes in Computer Science). (Lecture Notes in Artificial Intelligence). doi: 10.1007/978-3-031-78980-9_9