A Novel Approach for Defense Against Adversarial Attacks in Image Classification


Abstract

We propose a novel method to enhance the adversarial robustness of image classification models by leveraging discrete wavelet transforms (DWT). Our defense applies a two-level DWT decomposition to input images, entirely discarding the detail coefficients and preserving only the approximation components. These denoised images are then used to augment the clean training set, enabling robust model training without requiring access to adversarial examples. Using the CIFAR-10 dataset, we evaluate ResNet18 models against six white-box attacks: Fast Gradient Sign Method (FGSM), Projected Gradient Descent (PGD), DeepFool, Momentum Iterative FGSM (MI-FGSM), Jacobian-based Saliency Map Attack (JSMA), and AutoAttack. To explore the impact of wavelet selection, we test three wavelet families—Haar, Daubechies-4 (DB4), and Symlet-4 (SYM4)—training separate models for each. Evaluation on clean, adversarial, and denoised inputs demonstrates that wavelet-based augmentation significantly improves robustness against a broad range of attacks while preserving high accuracy on unperturbed data.
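The preprocessing step described in the abstract, sketched as an added example (not the authors' code): a two-level 2-D DWT whose detail bands are zeroed before reconstruction, with the result appended to the clean set. Assumptions: only the Haar wavelet is implemented, the image is single-channel with sides divisible by 4, the denoised image is rebuilt at the original resolution (the abstract does not say), and all function names and sample data are hypothetical.

```python
import math

S = math.sqrt(2.0)  # orthonormal Haar scaling

def _analyze(v):
    """One 1-D Haar step: returns (approximation, detail) halves."""
    a = [(v[i] + v[i + 1]) / S for i in range(0, len(v), 2)]
    d = [(v[i] - v[i + 1]) / S for i in range(0, len(v), 2)]
    return a, d

def _synthesize(a, d):
    """Inverse of _analyze."""
    out = []
    for x, y in zip(a, d):
        out += [(x + y) / S, (x - y) / S]
    return out

def _t(m):
    """Transpose a list of equal-length sequences."""
    return [list(r) for r in zip(*m)]

def dwt2(img):
    """One 2-D Haar level, rows then columns: (LL, (LH, HL, HH))."""
    lo, hi = _t([_analyze(r) for r in img])
    def cols(m):
        a, d = _t([_analyze(c) for c in _t(m)])
        return _t(a), _t(d)
    (ll, lh), (hl, hh) = cols(lo), cols(hi)
    return ll, (lh, hl, hh)

def idwt2(ll, details):
    """Inverse of dwt2."""
    lh, hl, hh = details
    def cols(a, d):
        return _t([_synthesize(x, y) for x, y in zip(_t(a), _t(d))])
    return [_synthesize(a, d) for a, d in zip(cols(ll, lh), cols(hl, hh))]

def denoise(img, levels=2):
    """Decompose `levels` deep, zero every detail band, reconstruct."""
    ll, bands = img, []
    for _ in range(levels):
        ll, det = dwt2(ll)
        bands.append(det)
    for det in reversed(bands):
        ll = idwt2(ll, tuple([[0.0] * len(r) for r in b] for b in det))
    return ll

def augment(clean_images):
    """Training set = clean images plus their denoised copies."""
    return list(clean_images) + [denoise(x) for x in clean_images]

# Constructed 8x8 sample and the same image with a constructed +/-0.03 checkerboard.
BASE = [[(r * 8 + c) / 64.0 for c in range(8)] for r in range(8)]
NOISY = [[BASE[r][c] + 0.03 * (-1) ** (r + c) for c in range(8)] for r in range(8)]
```

With Haar, this reduces to replacing each 4x4 block by its mean, so the constructed high-frequency checkerboard in `NOISY` vanishes entirely; DB4 or SYM4 would need longer filters and boundary handling that this sketch omits.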
