Article
DOI: 10.1007/978-3-031-06791-4_19

Detect Adversarial Examples by Using Feature Autoencoder

Published: 15 July 2022

Abstract

The existence of adversarial examples seriously threatens the security of deep learning models, so detecting them is an important task. Motivated by a comparison of the feature maps of adversarial and normal examples, we designed an autoencoder that detects adversarial examples from the feature maps rather than from the input pixels. The feature autoencoder was evaluated against FGSM, DeepFool, JSMA and C&W attacks on the CIFAR-10 dataset. The experimental results showed that a feature-level detector detects these state-of-the-art attacks more effectively than a pixel-level detector.
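The following self-contained example is an added illustration of the detection scheme the abstract describes; it is not the paper's code, and the paper's network, autoencoder architecture and CIFAR-10 data are not on this page. It substitutes assumed stand-ins: constructed two-class Gaussian data in place of CIFAR-10, a fixed split-sign ReLU feature layer with a trained logistic-regression head in place of a CNN, a linear autoencoder (PCA with k components) in place of the paper's autoencoder, and FGSM as the only attack. The detector is fitted on clean feature maps, its threshold is the 95th percentile of reconstruction error on a clean calibration split, and the same detector fitted on raw pixels serves as the pixel-level baseline. All function and variable names are hypothetical.

```python
"""Feature-level vs pixel-level adversarial-example detection, toy version (numpy only).

Added illustration, not the paper's code. Classifier: FIXED feature layer
h(x) = [relu(x), relu(-x)] plus a trained logistic-regression head (a stand-in
for a CNN). Detector: linear autoencoder (PCA, k components) fitted on CLEAN
feature maps; squared reconstruction error above the 95th percentile of clean
error flags an input. The same detector on raw pixels is the baseline.
All data are constructed synthetically; no CIFAR-10 is used.
"""
import numpy as np

D_IN = 20          # "pixels" per sample (assumed toy size)
EPS = 0.5          # FGSM L-infinity budget (assumed)
PERCENTILE = 95    # clean-error percentile used as the detection threshold


def make_data(rng, n_per_class=400, shift=0.4, sigma=0.1):
    """Constructed 2-class data: class 0 is a Gaussian blob at +shift*ones, class 1 at -shift*ones."""
    centres = np.array([shift * np.ones(D_IN), -shift * np.ones(D_IN)])
    x = np.vstack([centres[c] + sigma * rng.standard_normal((n_per_class, D_IN)) for c in range(2)])
    y = np.repeat([0, 1], n_per_class)
    perm = rng.permutation(len(y))
    return x[perm], y[perm]


def features(x):
    """Fixed feature layer: split-sign ReLU, 2*D_IN feature channels (stand-in for conv feature maps)."""
    return np.hstack([np.maximum(x, 0.0), np.maximum(-x, 0.0)])


def train_head(h, y, steps=300, lr=0.5):
    """Logistic-regression output layer on the fixed features, plain gradient descent."""
    w, b = np.zeros(h.shape[1]), 0.0
    for _ in range(steps):
        p = 1.0 / (1.0 + np.exp(-(h @ w + b)))
        w -= lr * h.T @ (p - y) / len(y)
        b -= lr * np.mean(p - y)
    return w, b


def predict(x, w, b):
    return ((features(x) @ w + b) > 0).astype(int)


def fgsm(x, y, w, b, eps=EPS):
    """One-step FGSM: x + eps * sign(grad_x loss), gradient taken through the ReLU layer."""
    h = features(x)
    p = np.clip(1.0 / (1.0 + np.exp(-(h @ w + b))), 1e-7, 1 - 1e-7)
    dz = p - y                                        # d(cross-entropy)/d(logit)
    mask = np.hstack([x > 0, -x > 0]).astype(float)   # ReLU gates per sample
    dh = mask * w                                     # d(logit)/d(pre-activation)
    dx = dh[:, :D_IN] - dh[:, D_IN:]                  # back through [+I; -I]
    return x + eps * np.sign(dz[:, None] * dx)


class LinearAutoencoder:
    """k-component PCA used as an autoencoder; score = squared reconstruction error."""

    def __init__(self, k=4):
        self.k = k

    def fit(self, z):
        self.mu = z.mean(axis=0)
        _, _, vt = np.linalg.svd(z - self.mu, full_matrices=False)
        self.components = vt[: self.k]
        return self

    def error(self, z):
        d = z - self.mu
        recon = d @ self.components.T @ self.components
        return np.sum((d - recon) ** 2, axis=1)


def detector(z_train, z_calib, k=4, percentile=PERCENTILE):
    """Fit on clean data, calibrate the threshold on a separate clean split, return a flag function."""
    ae = LinearAutoencoder(k).fit(z_train)
    threshold = np.percentile(ae.error(z_calib), percentile)
    return lambda z: ae.error(z) > threshold


def run_experiment(seed=0):
    rng = np.random.default_rng(seed)
    x, y = make_data(rng)                     # 800 samples: 400 train / 200 calib / 200 test
    x_tr, y_tr = x[:400], y[:400]
    x_ca = x[400:600]
    x_te, y_te = x[600:], y[600:]

    w, b = train_head(features(x_tr), y_tr)
    x_adv = fgsm(x_te, y_te, w, b)

    feat_det = detector(features(x_tr), features(x_ca))
    pix_det = detector(x_tr, x_ca)
    return {
        "clean_acc": np.mean(predict(x_te, w, b) == y_te),
        "adv_acc": np.mean(predict(x_adv, w, b) == y_te),
        "linf": np.max(np.abs(x_adv - x_te)),
        "feature_fpr": np.mean(feat_det(features(x_te))),   # clean inputs flagged
        "feature_tpr": np.mean(feat_det(features(x_adv))),  # adversarial inputs flagged
        "pixel_fpr": np.mean(pix_det(x_te)),
        "pixel_tpr": np.mean(pix_det(x_adv)),
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name:12s} {value:.3f}")
```

The toy is built so the abstract's point is visible: against this near-linear classifier FGSM moves each input along the line between the two class centres, and in pixel space that line is exactly the top principal component, so the pixel-level autoencoder reconstructs adversarial inputs as well as clean ones and flags them at roughly its false-positive rate. The ReLU feature map, however, sends points near the midpoint of that line off the clean feature manifold (both halves of the split-sign layer become small, which no clean sample exhibits), so the feature-level reconstruction error jumps well above the clean threshold. A practitioner porting this to a real network should keep the three-way split (fit, calibrate, test) and report the detector's false-positive rate on clean held-out data alongside its detection rate, since a threshold taken on the fitting data understates the false positives seen in deployment.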


Published In

Artificial Intelligence and Security: 8th International Conference, ICAIS 2022, Qinghai, China, July 15–20, 2022, Proceedings, Part III
Jul 2022, 743 pages
ISBN: 978-3-031-06790-7
DOI: 10.1007/978-3-031-06791-4
Editors: Xingming Sun, Xiaorui Zhang, Zhihua Xia, Elisa Bertino
Publisher: Springer-Verlag, Berlin, Heidelberg

Author Tags

1. Adversarial example
2. Adversarial attack
3. Feature autoencoder
4. Adversarial detection