Loading…

Using models of cortical development based on sparse coding to discriminate between real and synthetically-generated faces

We compare the robustness of image classifiers based on state-of-the-art Deep Neural Networks (DNNs) with classifiers based on a model of cortical development using a single layer of sparse coding. The comparison is based on the ability of the two distinct types of classifiers to distinguish between...

Full description

Saved in:
Bibliographic Details
Main Authors: Nguyen, Nga T. T., Moore, Juston S., Kenyon, Garrett T.
Format: Conference Proceeding
Language:English
Subjects:
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We compare the robustness of image classifiers based on state-of-the-art Deep Neural Networks (DNNs) with classifiers based on a model of cortical development using a single layer of sparse coding. The comparison is based on the ability of the two distinct types of classifiers to distinguish between faces of celebrities from the CelebA dataset and synthetic faces created by the ProGAN multi-scale GAN, trained on the same CelebA images. We examine the robustness of DNNs compared to classifiers based on sparse coding after the addition of universal adversarial perturbations (UAPs), which fool most or all of the DNN classifiers we examined. Our results show that simple classifiers based on sparse coding are robust to UAPs that substantially degrade performance across a wide range of DNN architectures. We hypothesize that sparse latent representations, which correspond to fixed points of a dynamical attractor-or Hopfield network-are naturally denoising and remove small adversarial perturbations. We observe that analogous but reduced robustness is conferred by deep denoising autoencoders. Our results suggest that DNN-based classifiers may be designed to rely on more robust features, and thus may be less susceptible to adversarial attacks, if preceded by a denoising pre-processing layer.
ISSN:2332-5615
DOI:10.1109/AIPR50011.2020.9425143