arxiv_cv 95% Match Research Paper AI Researchers,Machine Learning Engineers,Security Experts,Computer Vision Engineers 2 days ago

Trans-defense: Transformer-based Denoiser for Adversarial Defense with Spatial-Frequency Domain Representation

ai-safety › robustness

📄 Abstract

Abstract: In recent times, deep neural networks (DNNs) have been successfully adopted for various applications. Despite their notable achievements, it has become evident that DNNs are vulnerable to sophisticated adversarial attacks, restricting their applications in security-critical systems. In this paper, we present two-phase training methods to tackle the attack: first, training the denoising network, and second, the deep classifier model. We propose a novel denoising strategy that integrates both spatial and frequency domain approaches to defend against adversarial attacks on images. Our analysis reveals that high-frequency components of attacked images are more severely corrupted compared to their lower-frequency counterparts. To address this, we leverage Discrete Wavelet Transform (DWT) for frequency analysis and develop a denoising network that combines spatial image features with wavelets through a transformer layer. Next, we retrain the classifier using the denoised images, which enhances the classifier's robustness against adversarial attacks. Experimental results across the MNIST, CIFAR-10, and Fashion-MNIST datasets reveal that the proposed method remarkably elevates classification accuracy, substantially exceeding the performance by utilizing a denoising network and adversarial training approaches. The code is available at https://github.com/Mayank94/Trans-Defense.

Authors (5)

Alik Pramanick

Mayank Bansal

Utkarsh Srivastava

Suklav Ghosh

Arijit Sur

Submitted

October 31, 2025

arXiv Category

cs.CV

arXiv PDF

Key Contributions

Trans-defense proposes a novel two-phase training method for adversarial defense using a transformer-based denoiser that integrates spatial and frequency domain approaches. By leveraging DWT to analyze frequency components and combining spatial features with wavelets, it effectively denoises attacked images, enhancing classifier robustness.

Business Value

Increases the security and reliability of AI systems in adversarial environments, crucial for applications like autonomous systems, secure communication, and threat detection.

Paper Metadata

Innovation Type

Algorithmic Improvement

Deployment Feasibility

Moderate. Requires implementing a two-phase training pipeline and integrating the transformer denoiser. DWT adds computational overhead.

Limitations Addressed

The vulnerability of deep neural networks to adversarial attacks, particularly the corruption of high-frequency components in attacked images.

Performance Gains

Improved robustness against adversarial attacks through effective denoising in both spatial and frequency domains.

Technical Tags

Adversarial DefenseTransformer DenoiserSpatial-Frequency DomainDiscrete Wavelet Transform (DWT)Deep Neural Networks (DNNs)RobustnessImage DenoisingFrequency AnalysisTwo-Phase Training

Research Topics

AI SafetyMachine LearningComputer VisionRobustnessSignal Processing

Methods & Architectures

Two-Phase TrainingSpatial and Frequency Domain DenoisingDiscrete Wavelet Transform (DWT)Transformer Layer Integration Deep Neural Networks (DNNs)Transformer Networks

Applications & Tasks

Computer Vision Image Security Security-Critical Systems Vulnerability of DNNs to adversarial attacksCorruption of high-frequency components in attacked images Adversarial DefenseImage DenoisingImage Classification

Related Fields

AI SafetyMachine Learning SecurityComputer VisionSignal ProcessingDeep Learning

Keywords

Adversarial DefenseTransformer NetworksDenoisingSpatial DomainFrequency DomainDiscrete Wavelet TransformDeep LearningRobustnessImage ProcessingAI SecurityTwo-Phase Training

Academic Context

#AI Safety#Machine Learning#Computer Vision#Robustness#Signal Processing

Commercial Potential

Potential Products

Robust image recognition modules for security systemsDefensive layers for AI models in sensitive applications

Target Industries

CybersecurityAutomotiveDefenseTechnology

Use Case Examples

Protecting facial recognition systems from adversarial manipulations.Enhancing the reliability of object detection in autonomous vehicles under noisy conditions.

Competitive Edge

Offers a hybrid spatial-frequency domain approach combined with transformers for denoising, potentially providing a more comprehensive defense than methods focusing on only one domain.

Market Opportunity

Growing demand for secure and robust AI solutions.

Revenue Models

Licensing of defense modulesintegration into security-focused AI platforms.

Resource Requirements

Compute Needs

Requires significant GPU resources for training both the denoiser and the classifier, especially with the transformer architecture.

Data Requirements

Requires image datasets and the ability to generate adversarial examples for training the denoiser.

Deployment Constraints

Increased computational cost due to denoising step,Complexity of the two-phase training process

Scalability

Scalability depends on the efficiency of the transformer denoiser and the DWT implementation. Processing large images or video streams may require optimization.

Regulatory Considerations

Important for applications requiring high assurance and resilience against manipulation.

Production Readiness

Maturity Level

Research

Time to Market

2-4 years for integration into robust systems.

Patent Potential

Moderate, concerning the specific combination of transformer denoising with spatial-frequency domain analysis for adversarial defense.

View Full Paper Back to Papers