Deep convolutional neural networks (DCNNs) have been widely deployed in real-world scenarios. However, DCNNs are easily tricked by adversarial examples, which present challenges for critical applications, such as vehicle classification. To address this problem, we propose a novel end-to-end convolutional network for joint detection and removal of adversarial perturbations by denoising (DDAP). It gets rid of adversarial perturbations using the DDAP denoiser based on adversarial examples discovered by the DDAP detector. The proposed method can be regarded as a pre-processing step—it does not require modifying the structure of the vehicle classification model and hardly affects the classification results on clean images. We consider four kinds of adversarial attack (FGSM, BIM, DeepFool, PGD) to verify DDAP’s capabilities when trained on BIT-Vehicle and other public datasets. It provides better defense than other state-of-the-art defensive methods.

深卷积神经网络（DCNN）已在实际场景中广泛部署。但是，DCNN容易被对抗性示例欺骗，这对关键应用（例如车辆分类）提出了挑战。为了解决这个问题，我们提出了一种新颖的端到端卷积网络，用于通过去噪（DDAP）联合检测和消除对抗性扰动。它基于DDAP检测器发现的对抗示例，使用DDAP降噪器消除了对抗扰动。所提出的方法可以看作是预处理步骤-它不需要修改车辆分类模型的结构，并且几乎不会影响清晰图像上的分类结果。我们考虑了四种对抗性攻击（FGSM，BIM，DeepFool，PGD​​）以验证DDAP在BIT车辆和其他公共数据集上进行训练时的功能。它提供了比其他最新防御方法更好的防御。