The vulnerability of Deep Neural Networks to adversarial perturbations presents significant security concerns, as imperceptible perturbations can contaminate the feature space and lead to incorrect predictions. Recent studies have attempted to calibrate contaminated features by either suppressing or over-activating particular channels. Despite these efforts, we claim that adversarial attacks exhibit varying disruption levels across individual channels. Furthermore, we argue that harmonizing feature maps via a graph and employing graph convolution can calibrate contaminated features. To this end, we introduce an innovative plug-and-play module called Feature Map-based Reconstructed Graph Convolution (FMR-GC). FMR-GC harmonizes feature maps in the channel dimension to reconstruct the graph, then employs graph convolution to capture neighborhood information, effectively calibrating contaminated features. Extensive experiments have demonstrated the superior performance and scalability of FMR-GC. Moreover, our model can be combined with advanced adversarial training methods to considerably enhance robustness without compromising the model's clean accuracy.