MAEDefense: An Effective Masked AutoEncoder Defense against Adversarial Attacks

Recent studies have demonstrated that deep neural networks (DNNs) are vulnerable to attacks when adversarial perturbations are added to the clean samples. Reconstructing clean samples under the premise of inputting adversarial perturbations is a challenging task. To address this issue, this paper proposes a Mask AutoEncoder Defense (MAEDefense) framework to counter adversarial attacks. Firstly, the adversarial sample is divided into two complementary masked images. Secondly, the two masked images with carefully crafted adversarial noise locations are reassigned to non-adversarial noise locations. Finally, the two reconstructed images are pixel-wise fused (weighted average) to obtain a "clean image". The proposed method requires no external training and is easy to implement. Experimental results show that the proposed method significantly defends against white-box attacks and black-box transferable attacks compared with state-of-the-art methods.