LanCeX: A Versatile and Lightweight Defense Method against Condensed Adversarial Attacks in Image and Audio Recognition

Abstract

Convolutional Neural Networks (CNNs) are widely deployed in various embedded recognition applications. However, they demonstrate a considerable vulnerability to adversarial attacks, which leverage well-designed perturbations to mislead the recognition results. Recently, for easier perturbation injection and higher attack effectiveness, the adversarial perturbations have been concentrated into a small area with various types and different data modalities. When defending against such condensed adversarial attacks in embedded recognition scenarios, most of the existing defense works exhibit two critical issues. First, they are particularly designed for each individual condensed attack scenario, lacking enough versatility to accommodate attacks with different data modalities. Second, they rely on computation-intensive preprocessing techniques, which are impractical for time-sensitive embedded recognition scenarios. In this article, we propose LanCeX, a versatile and lightweight CNN defense solution against condensed adversarial attacks. By examining the CNN's intrinsic vulnerability, we first identify the common attacking mechanism behind condensed adversarial attacks across different data modalities. Based on this mechanism, LanCeX can defend against various condensed attacks with the optimal computation workload in different recognition scenarios. Experiments show that LanCeX can achieve an average 91%, 85%, and 90% detection success rate and optimal adversarial mitigation performance in three recognition scenarios, respectively: image classification, object detection, and audio recognition. Moreover, LanCeX is at most 3× faster compared with the state-of-the-art defense methods, making it feasible to use with resource-constrained embedded systems.

Cite

Xu, Z., Yu, F., Liu, C., & Chen, X. (2022). LanCeX: A Versatile and Lightweight Defense Method against Condensed Adversarial Attacks in Image and Audio Recognition. ACM Transactions on Embedded Computing Systems, 22(1). https://doi.org/10.1145/3555375