With the increasing deployment of deep neural networks in safety-critical applications such as self-driving cars, medical imaging, anomaly detection, etc., adversarial robustness has become a crucial concern in the reliability of these networks in real-world scenarios. A plethora of works based on adversarial training and regularization-based techniques have been proposed to make these deep networks robust against adversarial attacks. However, these methods require either retraining models or training them from scratch, making them infeasible to defend pre-trained models when access to training data is restricted. To address this problem, we propose a test time Data-free Adversarial Defense (DAD) containing detection and correction frameworks. Moreover, to further improve the efficacy of the correction framework in cases when the detector is under-confident, we propose a soft-detection scheme (dubbed as "DAD++"). We conduct a wide range of experiments and ablations on several datasets and network architectures to show the efficacy of our proposed approach. Furthermore, we demonstrate the applicability of our approach in imparting adversarial defense at test time under data-free (or data-efficient) applications/setups, such as Data-free Knowledge Distillation and Source-free Unsupervised Domain Adaptation, as well as Semi-supervised classification frameworks. We observe that in all the experiments and applications, our DAD++ gives an impressive performance against various adversarial attacks with a minimal drop in clean accuracy. The source code is available at: https://github.com/vcl-iisc/Improved-Data-free-Test-Time-Adversarial-Defense

翻译：随着深度神经网络在自动驾驶、医学影像、异常检测等安全关键型应用中的广泛部署，对抗鲁棒性已成为其在现实场景中可靠性的关键问题。基于对抗训练和正则化技术的大量工作已被提出，以增强深度网络抵御对抗攻击的能力。然而，这些方法需要重新训练模型或从头训练，导致在训练数据受限时无法有效防御预训练模型。为解决此问题，我们提出一种包含检测与修正框架的测试时无数据对抗防御（DAD）。此外，为在检测器置信度不足时进一步提升修正框架的有效性，我们提出一种软检测方案（称为"DAD++"）。我们在多个数据集与网络架构上开展了广泛的实验与消融研究，以证明所提方法的有效性。进一步地，我们展示了该方法在无数据（或数据高效）应用/场景下的测试时对抗防御适用性，例如无数据知识蒸馏、无源无监督域适应以及半监督分类框架。在所有实验与应用中，我们发现DAD++在多种对抗攻击下均表现出色，且干净准确率下降极小。源代码见：https://github.com/vcl-iisc/Improved-Data-free-Test-Time-Adversarial-Defense