LG · ML · Mar 23, 2018

Detecting Adversarial Perturbations with Saliency

arXiv:1803.08773v1 · 33 citations
Originality: Incremental advance
AI Analysis

This addresses security concerns in machine learning models for applications like image recognition, but it is incremental as it builds on existing saliency-based methods.

The paper tackles the problem of detecting adversarial examples in image classification by training a binary classifier using both original and saliency data, showing that the detector generalizes well from strong to weak adversaries.

In this paper we propose a novel method for detecting adversarial examples by training a binary classifier with both original data and saliency data. In the case of an image classification model, saliency simply explains how the model makes decisions by identifying significant pixels for prediction. A model that shows wrong classification output always learns wrong features and shows wrong saliency as well. Our approach shows good performance on detecting adversarial perturbations. We quantitatively evaluate the generalization ability of the detector, showing that detectors trained with strong adversaries perform well on weak adversaries.
