Inspecting adversarial examples using the Fisher information
This work addresses the issue of adversarial attacks for neural network security, but it is incremental as it applies an existing method to new detection tasks.
The paper tackled the problem of detecting adversarial examples in neural networks by using Fisher information, demonstrating its potential through applications on MNIST, CIFAR10, and Fruits-360 datasets.
Adversarial examples are slight perturbations that are designed to fool artificial neural networks when fed as an input. In this work the usability of the Fisher information for the detection of such adversarial attacks is studied. We discuss various quantities whose computation scales well with the network size, study their behavior on adversarial examples and show how they can highlight the importance of single input neurons, thereby providing a visual tool for further analyzing (un-)reasonable behavior of a neural network. The potential of our methods is demonstrated by applications to the MNIST, CIFAR10 and Fruits-360 datasets.