Detecting Adversarial Examples from Sensitivity Inconsistency of Spatial-Transform Domain
Authors
Abstract
Deep neural networks (DNNs) have been shown to be vulnerable against adversarial examples (AEs), which are maliciously designed to cause dramatic model output errors. In this work, we reveal that normal examples (NEs) are insensitive to the fluctuations occurring at the highly-curved region of the decision boundary, while AEs typically designed over one single domain (mostly the spatial domain) exhibit exorbitant sensitivity to such fluctuations. This phenomenon motivates us to design another classifier (called the dual classifier) with a transformed decision boundary, which can be collaboratively used with the original classifier (called the primal classifier) to detect AEs by virtue of this sensitivity inconsistency. When compared with state-of-the-art algorithms based on Local Intrinsic Dimensionality (LID), Mahalanobis Distance (MD), and Feature Squeezing (FS), our proposed Sensitivity Inconsistency Detector (SID) achieves improved AE detection performance and superior generalization capabilities, especially in the challenging cases where the perturbation levels are small. Intensive experimental results on ResNet and VGG validate the superiority of the proposed SID.
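To make the detection idea concrete, below is a minimal Python/PyTorch sketch (not the authors' code) of flagging AEs from the disagreement between a primal spatial-domain classifier and a dual classifier fed a transformed input. The names `primal_model`, `dual_model`, `transform`, `SimpleDetector`, and `train_detector` are illustrative placeholders; the actual SID builds its dual classifier in a wavelet-based transform domain and trains a dedicated detector on its specific inconsistency features.

```python
# Sketch only: detect AEs from the inconsistency between a primal
# (spatial-domain) classifier and a dual classifier on a transformed input.
# The models, the transform, and the detector design are placeholders, not
# the paper's exact SID architecture.
import torch
import torch.nn as nn


def inconsistency_features(x, primal_model, dual_model, transform):
    """Concatenate both classifiers' logits and their difference.

    A normal example tends to be classified consistently by both models,
    while an AE crafted in the spatial domain typically fools only the
    primal classifier, making the difference large.
    """
    with torch.no_grad():
        logits_p = primal_model(x)            # spatial-domain prediction
        logits_d = dual_model(transform(x))   # transform-domain prediction
    return torch.cat([logits_p, logits_d, logits_p - logits_d], dim=1)


class SimpleDetector(nn.Module):
    """Small binary classifier over the inconsistency features."""

    def __init__(self, feat_dim):
        super().__init__()
        self.net = nn.Sequential(
            nn.Linear(feat_dim, 64), nn.ReLU(), nn.Linear(64, 1)
        )

    def forward(self, feats):
        return self.net(feats)  # logit > 0 means "adversarial"


def train_detector(detector, loader, primal_model, dual_model, transform,
                   epochs=5, lr=1e-3):
    """Train the detector on (x, is_adv) pairs built from clean samples and
    AEs generated against the primal classifier."""
    opt = torch.optim.Adam(detector.parameters(), lr=lr)
    loss_fn = nn.BCEWithLogitsLoss()
    for _ in range(epochs):
        for x, is_adv in loader:
            feats = inconsistency_features(x, primal_model, dual_model, transform)
            loss = loss_fn(detector(feats).squeeze(1), is_adv.float())
            opt.zero_grad()
            loss.backward()
            opt.step()
    return detector
```

For a classifier with `num_classes` outputs, the feature vector has dimension `3 * num_classes`, so the detector would be constructed as `SimpleDetector(3 * num_classes)`.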
Related resources
Detecting Adversarial Examples - A Lesson from Multimedia Forensics
Adversarial classification is the task of performing robust classification in the presence of a strategic attacker. Originating from information hiding and multimedia forensics, adversarial classification recently received a lot of attention in a broader security context. In the domain of machine learning-based image classification, adversarial classification can be interpreted as detecting so-c...
ReabsNet: Detecting and Revising Adversarial Examples
Though deep neural networks have achieved huge success in recent studies and applications, they still remain vulnerable to adversarial perturbations which are imperceptible to humans. To address this problem, we propose a novel network called ReabsNet to achieve high classification accuracy in the face of various attacks. The approach is to augment an existing classification network with a guardian n...
Detecting Adversarial Examples via Neural Fingerprinting
Deep neural networks are vulnerable to adversarial examples, which dramatically alter model output using small input changes. We propose NeuralFingerprinting, a simple, yet effective method to detect adversarial examples by verifying whether model behavior is consistent with a set of secret fingerprints, inspired by the use of biometric and cryptographic signatures. The benefits of our method a...
Detecting Adversarial Examples in Deep Networks with Adaptive Noise Reduction
Deep neural networks (DNNs) play a key role in many applications. Unsurprisingly, they also became a potential attack target of adversaries. Some studies have demonstrated that DNN classifiers can be fooled by adversarial examples, which are crafted by introducing perturbations into an original sample. Accordingly, some powerful defense techniques were proposed against adversarial examples. ...
SafetyNet: Detecting and Rejecting Adversarial Examples Robustly Supplementary Materials
Our SceneProof dataset is processed from NYU Depth v2 raw captures, Sintel Synthetic RGBD dataset and Middlebury Stereo dataset. The dataset is split into part I and part II. Part I contains NYU natural image & depth pairs, along with manipulated unnatural scenes (swap depth, insert region, predicted depth, scale & shift depth), refer to Figure 1. It is used to train our classifier and work as ...
Journal
Journal title: Proceedings of the ... AAAI Conference on Artificial Intelligence
Year: 2021
ISSN: 2159-5399, 2374-3468
DOI: https://doi.org/10.1609/aaai.v35i11.17187