OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections

Aristeidis Bifis, Emmanouil Psarakis

2025

Abstract

Adversarial training is the standard method for improving the robustness of neural networks against adversarial attacks. However, a well-known trade-off exists: while adversarial training increases resilience to perturbations, it often results in a significant reduction in accuracy on clean (unperturbed) data. This compromise leads to models that are more resistant to adversarial attacks but less effective on natural inputs. In this paper, we introduce an extension to adversarial training by applying novel constraints on convolutional layers that address this trade-off. Specifically, we use orthogonal projections to decompose the learned features into clean signal and adversarial noise, projecting them onto the range and null spaces of the network’s weight matrices. These constraints improve the separation of adversarial noise from useful signals during training, enhancing robustness while preserving the same performance on clean data as adversarial training. Our approach achieves significant improvements in robust accuracy while maintaining comparable clean accuracy, providing a balanced and effective adversarial defense strategy.


Paper Citation


in Harvard Style

Bifis A. and Psarakis E. (2025). OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections. In Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP; ISBN 978-989-758-728-3, SciTePress, pages 889-896. DOI: 10.5220/0013389500003912


in Bibtex Style

@conference{visapp25,
author={Aristeidis Bifis and Emmanouil Psarakis},
title={OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections},
booktitle={Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP},
year={2025},
pages={889-896},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013389500003912},
isbn={978-989-758-728-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications - Volume 3: VISAPP
TI - OrthoCNN: Mitigating Adversarial Noise in Convolutional Neural Networks via Orthogonal Projections
SN - 978-989-758-728-3
AU - Bifis A.
AU - Psarakis E.
PY - 2025
SP - 889
EP - 896
DO - 10.5220/0013389500003912
PB - SciTePress