Adversarial Attack and Defence on Handwritten Chinese Character Recognition

Abstract

Abstract Deep Neural Networks (DNNs) have shown their powerful performance in classification; however, the robustness issue of DNNs has arisen as one primary concern, e.g., adversarial attack. So far as we know, there is not any reported work about the adversarial attack on handwritten Chinese character recognition (HCCR). To this end, the classical adversarial attack method (i.e., Projection Gradient Descent: PGD) is adopted to generate adversarial examples to evaluate the robustness of the HCCR model. Furthermore, in the training process, we use adversarial examples to improve the robustness of the HCCR model. In the experiments, we utilize a frequently-used DNN model on HCCR and evaluate its robustness on the benchmark dataset CASIA-HWDB. The experimental results show that its recognition accuracy is decreased severely on the adversarial examples, demonstrating the vulnerability of the current HCCR model. In addition, we can improve the recognition accuracy significantly after the adversarial training, demonstrating its effectiveness.