Adversarial Examples Detection with Bayesian Neural Network
This work addresses the security vulnerability of deep neural networks to adversarial attacks, which is a critical issue for deploying AI in safety-sensitive applications, and it represents an incremental improvement over existing detection methods.
The paper tackles the problem of detecting adversarial examples by proposing a Bayesian adversarial example detector (BATer) that leverages the randomness of Bayesian neural networks to simulate hidden layer output distributions and measure distributional differences between natural and adversarial examples. Empirical results show that BATer outperforms state-of-the-art detectors on several benchmark datasets against popular attacks.
In this paper, we propose a new framework to detect adversarial examples motivated by the observations that random components can improve the smoothness of predictors and make it easier to simulate the output distribution of a deep neural network. With these observations, we propose a novel Bayesian adversarial example detector, short for BATer, to improve the performance of adversarial example detection. Specifically, we study the distributional difference of hidden layer output between natural and adversarial examples, and propose to use the randomness of the Bayesian neural network to simulate hidden layer output distribution and leverage the distribution dispersion to detect adversarial examples. The advantage of a Bayesian neural network is that the output is stochastic while a deep neural network without random components does not have such characteristics. Empirical results on several benchmark datasets against popular attacks show that the proposed BATer outperforms the state-of-the-art detectors in adversarial example detection.