Closeness and Uncertainty Aware Adversarial Examples Detection in Adversarial Machine Learning

Deep neural network (DNN) architectures are considered to be robust to random perturbations. Nevertheless, it has been shown that they can be severely vulnerable to slight but carefully crafted perturbations of the input, termed adversarial samples. In recent years, numerous studies have been conducted to increase the reliability of DNN models by distinguishing adversarial samples from regular inputs. In this work, we explore and assess the usage of two different groups of metrics for detecting adversarial samples: those based on uncertainty estimation using Monte-Carlo Dropout sampling, and those based on closeness measures in the subspace of deep features extracted by the model. We also introduce a new feature for adversarial detection, and we show that the performance of all these metrics depends heavily on the strength of the attack being used.
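The two metric families named in the abstract can be demonstrated on a small model. The following is an added example, not code from the paper: it uses a constructed two-layer ReLU network with random weights standing in for a trained classifier, a constructed training set (one prototype per class plus noise), Monte-Carlo Dropout sampling to obtain predictive entropy and mutual information, and Euclidean distance to the nearest class centroid in hidden-feature space as one possible closeness measure (the paper's own closeness measures and its new feature are not specified in the abstract). Thresholds are calibrated as a high quantile of each score over known-clean data, and an input is flagged when either score exceeds its threshold.

```python
import numpy as np

INPUT_DIM, HIDDEN_DIM, N_CLASSES = 8, 16, 3
_rng = np.random.default_rng(0)

# Constructed stand-in for a trained network: random weights (assumption).
W1 = _rng.normal(size=(INPUT_DIM, HIDDEN_DIM))
W2 = _rng.normal(size=(HIDDEN_DIM, N_CLASSES))

# Constructed "training set": one prototype per class plus small noise (assumption).
PROTOTYPES = _rng.normal(size=(N_CLASSES, INPUT_DIM))
TRAIN_Y = np.repeat(np.arange(N_CLASSES), 40)
TRAIN_X = PROTOTYPES[TRAIN_Y] + 0.05 * _rng.normal(size=(TRAIN_Y.size, INPUT_DIM))


def softmax(z):
    z = z - z.max(axis=-1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=-1, keepdims=True)


def features(x, dropout_p=0.0, rng=None):
    """Deep features = ReLU hidden layer; inverted dropout applied when dropout_p > 0."""
    h = np.maximum(0.0, x @ W1)
    if dropout_p > 0.0:
        keep = (rng.random(h.shape) >= dropout_p) / (1.0 - dropout_p)
        h = h * keep
    return h


def predict_probs(x, dropout_p=0.0, rng=None):
    return softmax(features(x, dropout_p, rng) @ W2)


def mc_dropout_uncertainty(x, T=50, dropout_p=0.5, seed=1):
    """Predictive entropy and mutual information (BALD) over T stochastic forward passes."""
    rng = np.random.default_rng(seed)
    probs = np.stack([predict_probs(x, dropout_p, rng) for _ in range(T)])  # shape (T, C)
    mean_p = probs.mean(axis=0)
    eps = 1e-12
    pred_entropy = -np.sum(mean_p * np.log(mean_p + eps))
    expected_entropy = -np.mean(np.sum(probs * np.log(probs + eps), axis=1))
    return float(pred_entropy), float(pred_entropy - expected_entropy)


def class_centroids(train_x, train_y):
    """Per-class mean of deterministic (dropout-off) deep features."""
    feats = features(train_x)
    return np.stack([feats[train_y == c].mean(axis=0) for c in range(N_CLASSES)])


def closeness_score(x, centroids):
    """Euclidean distance from x's deterministic features to the nearest class centroid."""
    return float(np.linalg.norm(centroids - features(x), axis=1).min())


def calibrate(train_x, centroids, quantile=0.95):
    """Thresholds = high quantile of each score over known-clean training data."""
    dist = [closeness_score(x, centroids) for x in train_x]
    mi = [mc_dropout_uncertainty(x)[1] for x in train_x]
    return float(np.quantile(dist, quantile)), float(np.quantile(mi, quantile))


def is_suspicious(x, centroids, thresholds):
    """Flag if the closeness score or the MC-dropout mutual information exceeds its threshold."""
    dist_thr, mi_thr = thresholds
    _, mi = mc_dropout_uncertainty(x)
    return closeness_score(x, centroids) > dist_thr or mi > mi_thr


if __name__ == "__main__":
    cents = class_centroids(TRAIN_X, TRAIN_Y)
    thr = calibrate(TRAIN_X, cents)
    clean = TRAIN_X[0]
    far = 50.0 * PROTOTYPES[0]  # constructed input far from every class centroid
    for name, x in (("clean", clean), ("far", far)):
        print(name, closeness_score(x, cents), mc_dropout_uncertainty(x),
              is_suspicious(x, cents, thr))
```

The two scores capture different failure modes: mutual information is high when the stochastic passes disagree (the model is unsure what it believes), while the centroid distance is high when the representation itself lies away from anything seen in training, even if the softmax output is confident. Calibrating thresholds on clean data keeps the false-positive rate explicit, which matters because, as the abstract notes, the separation these scores give depends on how strong the perturbation is.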
