Detecting Adversarial Examples
This addresses the security issue of adversarial attacks for users of DNNs, offering a lightweight and universal defense, though it is incremental as it builds on existing detection approaches.
The paper tackles the problem of deep neural networks being vulnerable to adversarial examples by proposing a novel detection method that analyzes layer outputs, achieving high effectiveness across domains like image, video, and audio.
Deep Neural Networks (DNNs) have been shown to be vulnerable to adversarial examples. While numerous successful adversarial attacks have been proposed, defenses against these attacks remain relatively understudied. Existing defense approaches either focus on negating the effects of perturbations caused by the attacks to restore the DNNs' original predictions or use a secondary model to detect adversarial examples. However, these methods often become ineffective due to the continuous advancements in attack techniques. We propose a novel universal and lightweight method to detect adversarial examples by analyzing the layer outputs of DNNs. Our method trains a lightweight regression model that predicts deeper-layer features from early-layer features, and uses the prediction error to detect adversarial samples. Through theoretical justification and extensive experiments, we demonstrate that our detection method is highly effective, compatible with any DNN architecture, and applicable across different domains, such as image, video, and audio.