Open-Set Adversarial Defense with Clean-Adversarial Mutual Learning

Open-set recognition and adversarial defense study two key aspects of deep learning that are vital for real-world deployment. The objective open-set is to identify samples from classes during testing, while aims robustify the network against images perturbed by imperceptible noise. This paper demonstrates systems vulnerable samples. Furthermore, this shows mechanisms trained on known unable generalize well Motivated these observations, we emphasize necessity an Open-Set Adversarial Defense (OSAD) mechanism. proposes Network with Clean-Adversarial Mutual Learning (OSDN-CAML) as a solution OSAD problem. proposed designs encoder dual-attentive feature-denoising layers coupled classifier learn noise-free latent feature representation, which adaptively removes noise guided channel spatial-wise attentive filters. Several techniques exploited informative space aim improving performance recognition. First, incorporate decoder ensure clean can be reconstructed obtained features. Then, self-supervision used features enough carry out auxiliary task. Finally, exploit more complementary knowledge image classification facilitate denoising search generalized local minimum recognition, further propose clean-adversarial mutual learning, where peer (classifying images) introduced mutually images). We testing protocol evaluate show effectiveness method white-box attacks, black-box rectangular occlusion attack in multiple object datasets.