Jan 23, 2019

Sitatapatra: Blocking the Transfer of Adversarial Samples

arXiv:1901.08121v2 (15 citations)
AI Analysis

The paper addresses a specific weakness of CNN image classifiers: adversarial samples crafted against one model usually transfer to other models trained for the same task. It proposes a practical defence against that transfer with low run-time cost.

The paper tackles adversarial sample transfer between CNNs by introducing Sitatapatra, a system that diversifies networks under a secret key, blocks transferred samples, and detects attacks; a detected sample can usually be traced back to the individual device on which it was developed, with minimal run-time overhead.

Convolutional Neural Networks (CNNs) are widely used to solve classification tasks in computer vision. However, they can be tricked into misclassifying specially crafted 'adversarial' samples -- and samples built to trick one model often work alarmingly well against other models trained on the same task. In this paper we introduce Sitatapatra, a system designed to block the transfer of adversarial samples. It diversifies neural networks using a key, as in cryptography, and provides a mechanism for detecting attacks. What's more, when adversarial samples are detected they can typically be traced back to the individual device that was used to develop them. The run-time overheads are minimal, permitting the use of Sitatapatra on constrained systems.
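The transfer property the abstract opens with is the threat Sitatapatra is built to stop, so it is worth seeing it happen. The following is an added illustration, not code from the paper, and it does not reproduce Sitatapatra's keyed diversification or detection: two logistic-regression models are trained on disjoint halves of a constructed Gaussian dataset with different seeds, an FGSM-style perturbation is computed from model A's gradient only, and the same perturbed inputs are then scored by model B. The dataset, dimensionality, seeds and perturbation budget are all hypothetical choices made here.

```python
"""Transferability of adversarial samples between two linear classifiers.

Constructed toy experiment (not from the Sitatapatra paper): model A and
model B are logistic-regression classifiers trained on disjoint halves of a
synthetic Gaussian dataset with different seeds.  An FGSM-style perturbation
is computed from model A's gradient only; the perturbed inputs are then scored
by both models.  All parameters below are hypothetical.
"""
import functools
import math
import random

DIM = 20      # input dimensionality (hypothetical)
N = 300       # samples per data split (hypothetical)
EPS = 3.0     # L-infinity budget per coordinate; deliberately larger than the class gap of 2


def make_data(n, seed):
    """Two Gaussian classes, labels +1/-1, with class mean +1 or -1 in every coordinate."""
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(n):
        y = rng.choice((-1, 1))
        xs.append([y + rng.gauss(0.0, 1.0) for _ in range(DIM)])
        ys.append(y)
    return xs, ys


def train_logreg(xs, ys, seed, epochs=100, lr=0.05):
    """Batch gradient descent on the logistic loss log(1 + exp(-y * z)); returns (w, b)."""
    rng = random.Random(seed)
    w = [rng.gauss(0.0, 0.01) for _ in range(DIM)]
    b = 0.0
    n = len(xs)
    for _ in range(epochs):
        gw = [0.0] * DIM
        gb = 0.0
        for x, y in zip(xs, ys):
            z = sum(wi * xi for wi, xi in zip(w, x)) + b
            # dL/dz = -y / (1 + exp(y * z)); the min() only guards exp() against overflow
            g = -y / (1.0 + math.exp(min(y * z, 60.0)))
            for i in range(DIM):
                gw[i] += g * x[i]
            gb += g
        w = [wi - lr * gi / n for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def predict(model, x):
    w, b = model
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b >= 0 else -1


def accuracy(model, xs, ys):
    return sum(predict(model, x) == y for x, y in zip(xs, ys)) / len(ys)


def fgsm(model, x, y, eps):
    """One FGSM step x + eps * sign(dL/dx).  For a linear model dL/dx = g * w where
    g has the sign of -y, so sign(dL/dx) = -y * sign(w).  Only the attacked model's
    weights are used; the second model never sees anything but the finished sample."""
    w, _ = model
    return [xi - eps * y * (1 if wi >= 0 else -1) for xi, wi in zip(x, w)]


@functools.lru_cache(maxsize=None)
def run_experiment():
    """Clean and adversarial accuracies of both models on a held-out split.
    The adversarial inputs are crafted against model A only."""
    model_a = train_logreg(*make_data(N, seed=1), seed=11)
    model_b = train_logreg(*make_data(N, seed=2), seed=22)
    xs, ys = make_data(N, seed=3)
    adv = [fgsm(model_a, x, y, EPS) for x, y in zip(xs, ys)]
    return {
        "clean_a": accuracy(model_a, xs, ys),
        "clean_b": accuracy(model_b, xs, ys),
        "adv_a": accuracy(model_a, adv, ys),   # white-box attack: near 0
        "adv_b": accuracy(model_b, adv, ys),   # transferred attack: also near 0
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value:.3f}")
```

Both models end up with weight vectors pointing roughly along the class-mean direction, which is why a perturbation chosen against A also reverses B's decision; that shared structure is exactly what a keyed diversification scheme aims to break, so that an attacker who optimises against one deployed model gains little against another. The budget here is generous to make the effect unmistakable on a toy problem; on real image classifiers the perturbations that transfer are much smaller relative to the input.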
