Test-time adversarial detection and robustness for localizing humans using ultra wide band channel impulse responses
This work addresses security vulnerabilities in car keyless entry systems, offering an incremental improvement in adversarial defense without requiring prior adversarial training.
The paper tackles the problem of defending neural network-based keyless entry systems against adversarial attacks by proposing a test-time adversarial detector and robustness method, resulting in a 55.33% mean performance increase for FGSM and 6.3% for BIM and PGD over 15 perturbation levels.
Keyless entry systems in cars are adopting neural networks for localizing its operators. Using test-time adversarial defences equip such systems with the ability to defend against adversarial attacks without prior training on adversarial samples. We propose a test-time adversarial example detector which detects the input adversarial example through quantifying the localized intermediate responses of a pre-trained neural network and confidence scores of an auxiliary softmax layer. Furthermore, in order to make the network robust, we extenuate the non-relevant features by non-iterative input sample clipping. Using our approach, mean performance over 15 levels of adversarial perturbations is increased by 55.33% for the fast gradient sign method (FGSM) and 6.3% for both the basic iterative method (BIM) and the projected gradient method (PGD).