LG, ML | Nov 28, 2017

Adversary Detection in Neural Networks via Persistent Homology

arXiv:1711.10056v1 | 26 citations
Originality: Incremental advance
AI Analysis

This addresses the security issue of adversarial attacks for users of neural networks, representing an incremental improvement with a novel detection method.

The paper tackles the problem of detecting adversarial inputs in deep neural networks by analyzing the topological differences in graphs induced by inputs, achieving 98% detection accuracy and an F1-score of 0.98 on MNIST.

We outline a detection method for adversarial inputs to deep neural networks. By viewing neural network computations as graphs upon which information flows from input space to output distribution, we compare the differences in graphs induced by different inputs. Specifically, by applying persistent homology to these induced graphs, we observe that the structure of the most persistent subgraphs which generate the first homology group differs between adversarial and unperturbed inputs. Based on this observation, we build a detection algorithm that depends only on the topological information extracted during training. We test our algorithm on MNIST and achieve 98% adversary detection accuracy with F1-score 0.98.

Code Implementations: 1 repo