LG · Jun 7, 2023

Adversarial Sample Detection Through Neural Network Transport Dynamics

arXiv:2306.04252v21 citations · h-index: 52
Originality: Highly original
AI Analysis

This work addresses adversarial sample detection for neural network security, presenting an incremental improvement with a novel method based on transport dynamics.

The paper tackles the problem of detecting adversarial samples by viewing neural networks as discrete dynamic systems and comparing the vector fields inputs follow through layers, achieving favorable detection performance on both seen and unseen attacks while also improving test accuracy through regularization.

We propose a detector of adversarial samples that is based on the view of neural networks as discrete dynamic systems. The detector tells clean inputs from abnormal ones by comparing the discrete vector fields they follow through the layers. We also show that regularizing this vector field during training makes the network more regular on the data distribution's support, thus making the activations of clean inputs more distinguishable from those of abnormal ones. Experimentally, we compare our detector favorably to other detectors on seen and unseen attacks, and show that the regularization of the network's dynamics improves the performance of adversarial detectors that use the internal embeddings as inputs, while also improving test accuracy.
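The idea in the abstract, as an added example that is not code from the paper or its authors: each residual block's update x_{l+1} - x_l is read as one step of a discrete vector field, and an input is flagged when its steps deviate from statistics collected on clean data. The 2-D network with rotation weights, the norm and cosine features, and the z-score threshold are assumptions made for this example; the shifted input is a constructed off-distribution point, not the output of a real attack.

```python
import math
import random
import statistics

ANGLES = [0.3, 1.1, 2.0, 0.7]  # assumed weights: one 2-D rotation per residual block
STEP = 0.5                     # assumed residual step size

def displacements(x):
    """Run x through the residual blocks; return each step x_{l+1} - x_l."""
    steps = []
    for a in ANGLES:
        c, s = math.cos(a), math.sin(a)
        v = (STEP * math.tanh(c * x[0] - s * x[1]),
             STEP * math.tanh(s * x[0] + c * x[1]))
        steps.append(v)
        x = (x[0] + v[0], x[1] + v[1])
    return steps

def features(x):
    """Per-block step norms, then cosines between consecutive steps."""
    steps = displacements(x)
    norms = [math.hypot(*v) for v in steps]
    cosines = [(u[0] * v[0] + u[1] * v[1]) / (nu * nv + 1e-12)
               for u, v, nu, nv in zip(steps, steps[1:], norms, norms[1:])]
    return norms + cosines

class TransportDetector:
    def fit(self, clean):
        """Record per-feature mean/std on clean inputs and calibrate the threshold."""
        cols = list(zip(*(features(x) for x in clean)))
        self.mean = [statistics.fmean(c) for c in cols]
        self.std = [statistics.pstdev(c) + 1e-12 for c in cols]
        self.threshold = max(self.score(x) for x in clean)
        return self

    def score(self, x):
        """Largest absolute z-score over all transport features."""
        return max(abs(f - m) / s
                   for f, m, s in zip(features(x), self.mean, self.std))

    def is_abnormal(self, x):
        return self.score(x) > self.threshold

def demo():
    rng = random.Random(0)  # constructed clean data: small inputs near the origin
    clean = [(rng.uniform(-0.05, 0.05), rng.uniform(-0.05, 0.05)) for _ in range(100)]
    det = TransportDetector().fit(clean)
    shifted = (clean[0][0] + 3.0, clean[0][1] + 3.0)  # constructed abnormal input
    return det, clean, shifted
```

Calibrating the threshold on the maximum clean score gives zero false positives on the calibration set only; a held-out clean set and a chosen quantile would be the realistic choice.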
