FeatureLens: A Highly Generalizable and Interpretable Framework for Detecting Adversarial Examples Based on Image Features
This addresses the problem of adversarial example detection for image classification systems, offering improved interpretability and generalization, though it is incremental as it builds on existing detection methods with a new lightweight approach.
The paper tackles the vulnerability of deep neural networks to adversarial attacks by proposing FeatureLens, a lightweight and interpretable framework that detects adversarial examples based on image features, achieving detection accuracies from 97.8% to 99.75% in closed-set and 86.17% to 99.6% in generalization evaluations across multiple attack types.
Although the remarkable performance of deep neural networks (DNNs) in image classification, their vulnerability to adversarial attacks remains a critical challenge. Most existing detection methods rely on complex and poorly interpretable architectures, which compromise interpretability and generalization. To address this, we propose FeatureLens, a lightweight framework that acts as a lens to scrutinize anomalies in image features. Comprising an Image Feature Extractor (IFE) and shallow classifiers (e.g., SVM, MLP, or XGBoost) with model sizes ranging from 1,000 to 30,000 parameters, FeatureLens achieves high detection accuracy ranging from 97.8% to 99.75% in closed-set evaluation and 86.17% to 99.6% in generalization evaluation across FGSM, PGD, CW, and DAmageNet attacks, using only 51 dimensional features. By combining strong detection performance with excellent generalization, interpretability, and computational efficiency, FeatureLens offers a practical pathway toward transparent and effective adversarial defense.