Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients
This addresses the threat of adversarial attacks for AI security, but it is incremental as it builds on existing detection frameworks.
The paper tackles the problem of detecting adversarial examples in deep neural networks by proposing a detector based on Benford-Fourier coefficients derived from the shape factor of generalized Gaussian distributions, achieving superior effectiveness and robustness compared to state-of-the-art methods in image classification experiments.
Adversarial examples have been well known as a serious threat to deep neural networks (DNNs). In this work, we study the detection of adversarial examples, based on the assumption that the output and internal responses of one DNN model for both adversarial and benign examples follow the generalized Gaussian distribution (GGD), but with different parameters (i.e., shape factor, mean, and variance). GGD is a general distribution family to cover many popular distributions (e.g., Laplacian, Gaussian, or uniform). It is more likely to approximate the intrinsic distributions of internal responses than any specific distribution. Besides, since the shape factor is more robust to different databases rather than the other two parameters, we propose to construct discriminative features via the shape factor for adversarial detection, employing the magnitude of Benford-Fourier coefficients (MBF), which can be easily estimated using responses. Finally, a support vector machine is trained as the adversarial detector through leveraging the MBF features. Extensive experiments in terms of image classification demonstrate that the proposed detector is much more effective and robust on detecting adversarial examples of different crafting methods and different sources, compared to state-of-the-art adversarial detection methods.