Entropy-Based Non-Invasive Reliability Monitoring of Convolutional Neural Networks
This addresses the vulnerability of CNNs to adversarial attacks for computer vision systems, offering a non-invasive monitoring solution, though it is incremental as it builds on existing entropy-based detection ideas.
The paper tackled the problem of detecting adversarial perturbations in CNNs without modifying the model, showing that adversarial inputs shift activation entropy by 7% in early layers, enabling 90% detection accuracy with false rates below 20%.
Convolutional Neural Networks (CNNs) have become the foundation of modern computer vision, achieving unprecedented accuracy across diverse image recognition tasks. While these networks excel on in-distribution data, they remain vulnerable to adversarial perturbations imperceptible input modifications that cause misclassification with high confidence. However, existing detection methods either require expensive retraining, modify network architecture, or degrade performance on clean inputs. Here we show that adversarial perturbations create immediate, detectable entropy signatures in CNN activations that can be monitored without any model modification. Using parallel entropy monitoring on VGG-16, we demonstrate that adversarial inputs consistently shift activation entropy by 7% in early convolutional layers, enabling 90% detection accuracy with false positives and false negative rates below 20%. The complete separation between clean and adversarial entropy distributions reveals that CNNs inherently encode distribution shifts in their activation patterns. This work establishes that CNN reliability can be assessed through activation entropy alone, enabling practical deployment of self-diagnostic vision systems that detect adversarial inputs in real-time without compromising original model performance.