Paper ID | MLSP-39.5
Paper Title | Adversarial Examples Detection beyond Image Space
Authors | Kejiang Chen, University of Science and Technology of China, China; Yuefeng Chen, Alibaba Group, China; Hang Zhou, Chuan Qin, University of Science and Technology of China, China; Xiaofeng Mao, Alibaba Group, China; Weiming Zhang, NengHai Yu, University of Science and Technology of China, China
Session | MLSP-39: Adversarial Machine Learning
Location | Gather.Town
Session Time | Friday, 11 June, 11:30 - 12:15
Presentation Time | Friday, 11 June, 11:30 - 12:15
Presentation | Poster
Topic | Machine Learning for Signal Processing: [MLR-DEEP] Deep learning techniques
Abstract | Deep neural networks have been proven vulnerable to adversarial examples, which are generated by adding human-imperceptible perturbations to images. To defend against adversarial examples, various detection-based methods have been proposed. However, most of them perform poorly when detecting adversarial examples with extremely slight perturbations. By exploring such adversarial examples, we find that there exists a correspondence between the perturbations and the prediction confidence, which guides us to detect few-perturbation attacks from the perspective of prediction confidence. To detect both few-perturbation attacks and large-perturbation attacks, we propose a method that goes beyond the image space via a two-stream architecture, in which the image stream focuses on pixel artifacts and the gradient stream copes with confidence artifacts. Experimental results show that the proposed method outperforms existing methods under oblivious attacks and is also verified to be effective against omniscient attacks.
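The abstract only names the two streams; this listing gives no implementation detail. Below is a minimal, hedged PyTorch sketch of how such a two-stream detector could be wired up: an image stream over raw pixels and a gradient stream over input gradients of the target classifier's confidence, fused for a binary benign/adversarial decision. All names here (StreamCNN, TwoStreamDetector, confidence_gradient) and the exact gradient definition are illustrative assumptions, not the authors' code.

```python
# Sketch of a two-stream adversarial-example detector (assumed design,
# not the paper's implementation).
import torch
import torch.nn as nn


class StreamCNN(nn.Module):
    """Small CNN feature extractor shared by both streams (illustrative)."""

    def __init__(self, in_ch=3, feat_dim=128):
        super().__init__()
        self.net = nn.Sequential(
            nn.Conv2d(in_ch, 32, 3, stride=2, padding=1), nn.ReLU(),
            nn.Conv2d(32, 64, 3, stride=2, padding=1), nn.ReLU(),
            nn.AdaptiveAvgPool2d(1), nn.Flatten(),
            nn.Linear(64, feat_dim), nn.ReLU(),
        )

    def forward(self, x):
        return self.net(x)


class TwoStreamDetector(nn.Module):
    def __init__(self, classifier):
        super().__init__()
        self.classifier = classifier      # frozen target model under attack
        self.image_stream = StreamCNN()   # looks for pixel artifacts
        self.grad_stream = StreamCNN()    # looks for confidence artifacts
        self.head = nn.Linear(256, 2)     # benign vs. adversarial

    def confidence_gradient(self, x):
        # Gradient of the top-class log-confidence w.r.t. the input image;
        # one plausible stand-in for the "gradient stream" input.
        with torch.enable_grad():
            x = x.clone().detach().requires_grad_(True)
            logits = self.classifier(x)
            top = logits.log_softmax(dim=1).max(dim=1).values.sum()
            (grad,) = torch.autograd.grad(top, x)
        return grad.detach()

    def forward(self, x):
        f_img = self.image_stream(x)
        f_grad = self.grad_stream(self.confidence_gradient(x))
        return self.head(torch.cat([f_img, f_grad], dim=1))
```

The choice of the top-class log-confidence gradient reflects the abstract's observation that slight perturbations leave traces in prediction confidence rather than in pixels; the paper itself may define the gradient-stream input differently.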