Defense mechanism against adversarial attacks for optical character recognition system

Abstract

" Deep neural networks are widely being employed for Machine learning related tasks like Optical Character Recognition. Modern OCR is a computer vision task which adopts DNN and are found to be vulnerable against adversarial samples. Adversarial text images can successfully mislead the model to produce erroneous outputs. These perturbations are crafted in a way which is benign to the human eye. Number of defenses have been proposed in the literature for image classification models. However, these approaches are not directly applicable to OCR. This research attempts to employ an image compression and transformation defense approach against the CRNN model to overcome this issue in a considerable way. Image transformation techniques are used to transform the images by compression before it is fed into the CRNN network. This eliminates the perturbations from the input level itself. This research project facilitates varying levels of compression. The author conducted experiments and results showcases that the defense was able to eliminate most of the perturbations for attacks like FGSM and recognize the misclassified text accurately. A much faster defense which can be seamlessly integrated with most of the models compared to the existing defenses in literature. "