Publications

Analyzing the Effectiveness of Image Preprocessing Defenses Under Runtime Constraints

Author: Bunzel, Niklas; Klause, Gerrit
Date: 2024
Type: Conference Paper
Abstract: Neural networks are vulnerable to adversarial attacks, and ensembles of random transformations have been proposed to defend against them. For real-time applications of neural networks, such as autonomous driving or video surveillance, the defense mechanisms must not break the real-time constraints of the system. Therefore, we revisit the image transformations implemented in the literature and evaluate them in terms of runtime, in order to build an image transformation ensemble that is applicable for real-time use and guarantees the same level of security. We implement an extendible framework for the runtime analysis of image preprocessing functions to obtain comparable results for these metrics. We introduce several new transformation functions across both new and existing groups: Denoising, Geometry, Color Correction, and Morphology. These functions can replace computationally inefficient ones, potentially leading to runtime improvements of 71.03%. Furthermore, by substituting these functions, we achieve an increase of over 14% in benign and adversarial accuracy.
Conference: International Conference on Trust, Security and Privacy in Computing and Communications 2024
URL: https://publica.fraunhofer.de/handle/publica/506063