Real-time Detection of Practical Universal Adversarial Perturbations
This work addresses the vulnerability of deep neural networks to scalable and physically realizable adversarial attacks, offering a practical defense for robust machine learning deployment.
The paper tackles the problem of detecting universal adversarial perturbations (UAPs) in real time. It proposes HyperNeuron, which identifies suspicious neuron hyper-activations and achieves detection with a latency of only 0.86 milliseconds per image across tasks like image classification and object detection.
Universal Adversarial Perturbations (UAPs) are a prominent class of adversarial examples that exploit the systemic vulnerabilities and enable physically realizable and robust attacks against Deep Neural Networks (DNNs). UAPs generalize across many different inputs; this leads to realistic and effective attacks that can be applied at scale. In this paper we propose HyperNeuron, an efficient and scalable algorithm that allows for the real-time detection of UAPs by identifying suspicious neuron hyper-activations. Our results show the effectiveness of HyperNeuron on multiple tasks (image classification, object detection), against a wide variety of universal attacks, and in realistic scenarios, like perceptual ad-blocking and adversarial patches. HyperNeuron is able to simultaneously detect both adversarial mask and patch UAPs with comparable or better performance than existing UAP defenses whilst introducing a significantly reduced latency of only 0.86 milliseconds per image. This suggests that many realistic and practical universal attacks can be reliably mitigated in real-time, which shows promise for the robust deployment of machine learning systems.