TY  - EJOU
AU  - Li, Baolin 
AU  - Hu, Tao 
AU  - Liu, Xinlei 
AU  - Xie, Jichao 
AU  - Yi, Peng 

TI  - An Effective Adversarial Defense Framework: From Robust Feature Perspective
T2  - Computers, Materials \& Continua

PY  - 2025
VL  - 85
IS  - 1
SN  - 1546-2226

AB  - Deep neural networks are known to be vulnerable to adversarial attacks. Unfortunately, the underlying mechanisms remain insufficiently understood, leading to empirical defenses that often fail against new attacks. In this paper, we explain adversarial attacks from the perspective of robust features, and propose a novel Generative Adversarial Network (GAN)-based Robust Feature Disentanglement framework (GRFD) for adversarial defense. The core of GRFD is an adversarial disentanglement structure comprising a generator and a discriminator. For the generator, we introduce a novel Latent Variable Constrained Variational Auto-Encoder (LVCVAE), which enhances the typical beta-VAE with a constrained rectification module to enforce explicit clustering of latent variables. To supervise the disentanglement of robust features, we design a Robust Supervisory Model (RSM) as the discriminator, sharing architectural alignment with the target model. The key innovation of RSM is our proposed Feature Robustness Metric (FRM), which serves as part of the training loss and synthesizes the classification ability of features as well as their resistance to perturbations. Extensive experiments on three benchmark datasets demonstrate the superiority of GRFD: it achieves 93.69% adversarial accuracy on MNIST, 77.21% on CIFAR10, and 58.91% on CIFAR100 with minimal degradation in clean accuracy. Codes are available at:  (accessed on 23 July 2025).
KW  - Adversarial defense; robust features; disentanglement; VAE
KW  -  GAN

DO  - 10.32604/cmc.2025.066370