TY - GEN
T1 - Adversarial Examples Detection Using No-Reference Image Quality Features
AU - Akhtar, Zahid
AU - Monteiro, Joao
AU - Falk, Tiago H.
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/12/21
Y1 - 2018/12/21
AB - It has recently been shown that Deep Neural Networks (DNNs) are highly vulnerable to deliberately crafted perturbations which, when added to an input sample, mislead DNN-based systems. Such perturbed samples are called adversarial examples (AEs). AEs are especially critical in security and safety systems, where a fooled model can have serious consequences, so methods that make DNNs more robust to adversarial attacks are essential. One fundamental mechanism is adversarial example detection: a detection method aims to separate clean samples from AEs. A few such techniques have recently been proposed in the literature, but most of them are either very complex or unable to reach sufficiently low error rates. In this paper, we present a novel technique to improve the security of DNNs by detecting different types of AEs. The proposed framework has a very low degree of complexity and uses ten non-intrusive (no-reference) image quality features to distinguish legitimate samples from adversarial attack samples. Experimental analysis on the standard MNIST and CIFAR10 datasets shows promising results not only for different adversarial example generation methods but also for various additive perturbations.
KW - Adversarial Attacks
KW - Adversarial Examples
KW - Deep Learning
KW - Deep Neural Networks
KW - Pattern Classification
UR - https://www.scopus.com/pages/publications/85060673515
U2 - 10.1109/CCST.2018.8585591
DO - 10.1109/CCST.2018.8585591
M3 - Conference contribution
T3 - Proceedings - International Carnahan Conference on Security Technology
BT - 52nd Annual 2018 IEEE International Carnahan Conference on Security Technology, ICCST 2018 - Proceedings
A2 - Rich, Brian G.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 52nd Annual IEEE International Carnahan Conference on Security Technology, ICCST 2018
Y2 - 22 October 2018 through 25 October 2018
ER -
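The abstract above describes the detection idea (cheap, no-reference image quality features fed to a lightweight classifier that separates clean inputs from adversarial examples) but not the features themselves. The Python script below is an added illustration written for this page; it is not the authors' code and does not reproduce their ten features. It assumes three generic stand-in features (anisotropic total variation, 4-neighbour Laplacian variance, and the energy removed by a 3x3 box blur), constructs synthetic 16x16 images and L_inf-bounded perturbations with eps = 8/255 in place of MNIST/CIFAR10 data, and trains a nearest-centroid detector on z-scored features. It also goes one step beyond the abstract: a second, constructed perturbation that is low-pass filtered under the same L_inf budget exhibits the failure mode a practitioner should check for, namely that an attacker who controls the perturbation's spectrum can push quality features back toward the clean range.

```python
"""Toy adversarial-example detector on no-reference image quality features.
Added illustration, not the authors' code: the paper's ten features are not
reproduced; the three below are generic stand-ins chosen as an assumption, and
all images and perturbations are constructed synthetically (runs offline)."""
import math
import random
from typing import Dict, List, Sequence

Image = List[List[float]]  # grayscale rows, pixel values in [0, 1]
FEATURES = ("total_variation", "laplacian_variance", "hf_residual_energy")


def clean_image(size: int, rng: random.Random) -> Image:
    """Constructed stand-in for a natural image: a smooth blob on a grey field
    (background 0.3, peak <= 0.9, so an eps = 8/255 perturbation never clips)."""
    cx, cy = rng.uniform(4, size - 4), rng.uniform(4, size - 4)
    sigma, amp = rng.uniform(2.0, 4.0), rng.uniform(0.6, 1.0)
    return [[0.3 + 0.6 * amp * math.exp(-((x - cx) ** 2 + (y - cy) ** 2) / (2 * sigma ** 2))
             for x in range(size)] for y in range(size)]


def sign_perturb(img: Image, eps: float, rng: random.Random) -> Image:
    """L_inf-bounded +/-eps sign noise, the shape of an FGSM-style perturbation
    (signs are random here because no model gradient is available)."""
    return [[min(1.0, max(0.0, v + eps * rng.choice((-1.0, 1.0)))) for v in row] for row in img]


def smooth_perturb(img: Image, eps: float, rng: random.Random) -> Image:
    """Same L_inf budget, but the sign noise is 3x3 box-blurred (wrap-around) and
    rescaled to max |delta| = eps: a constructed adaptive attacker that keeps the
    perturbation smooth so quality features barely move."""
    n = len(img)
    raw = [[rng.choice((-1.0, 1.0)) for _ in range(n)] for _ in range(n)]
    blur = [[sum(raw[(y + dy) % n][(x + dx) % n] for dy in (-1, 0, 1) for dx in (-1, 0, 1)) / 9.0
             for x in range(n)] for y in range(n)]
    peak = max(abs(v) for row in blur for v in row)  # > 0: nine signs never sum to zero
    return [[min(1.0, max(0.0, img[y][x] + eps * blur[y][x] / peak)) for x in range(n)]
            for y in range(n)]


def quality_features(img: Image) -> Dict[str, float]:
    """No-reference features over interior pixels: no clean reference image is needed."""
    n, count = len(img), (len(img) - 2) ** 2
    tv = lap_sum = lap_sq = hf = 0.0
    for y in range(1, n - 1):
        for x in range(1, n - 1):
            c = img[y][x]
            lap = 4 * c - img[y - 1][x] - img[y + 1][x] - img[y][x - 1] - img[y][x + 1]
            tv += abs(img[y][x + 1] - c) + abs(img[y + 1][x] - c)   # anisotropic total variation
            lap_sum, lap_sq = lap_sum + lap, lap_sq + lap * lap     # 4-neighbour Laplacian stats
            box = sum(img[y + dy][x + dx] for dy in (-1, 0, 1) for dx in (-1, 0, 1)) / 9.0
            hf += (c - box) ** 2                                    # energy removed by a 3x3 blur
    return {"total_variation": tv / count,
            "laplacian_variance": lap_sq / count - (lap_sum / count) ** 2,
            "hf_residual_energy": hf / count}


class CentroidDetector:
    """Nearest-centroid classifier on z-scored features: 0 = clean, 1 = adversarial."""

    def fit(self, clean: Sequence[Image], adv: Sequence[Image]) -> "CentroidDetector":
        rows = [quality_features(im) for im in list(clean) + list(adv)]
        self.mu = {k: sum(r[k] for r in rows) / len(rows) for k in FEATURES}
        self.sd = {k: max(1e-12, math.sqrt(sum((r[k] - self.mu[k]) ** 2 for r in rows) / len(rows)))
                   for k in FEATURES}
        z = [self._z(r) for r in rows]
        self.centroids = [[sum(v[i] for v in part) / len(part) for i in range(len(FEATURES))]
                          for part in (z[:len(clean)], z[len(clean):])]
        return self

    def _z(self, feats: Dict[str, float]) -> List[float]:
        return [(feats[k] - self.mu[k]) / self.sd[k] for k in FEATURES]

    def predict(self, img: Image) -> int:
        z = self._z(quality_features(img))
        dist = [sum((a - b) ** 2 for a, b in zip(z, c)) for c in self.centroids]
        return 0 if dist[0] <= dist[1] else 1


def detection_rates(eps: float = 8 / 255, n_train: int = 40, n_test: int = 40,
                    seed: int = 1) -> Dict[str, float]:
    """Train on clean vs sign-noise AEs; report the fraction of each test set flagged."""
    rng = random.Random(seed)
    det = CentroidDetector().fit([clean_image(16, rng) for _ in range(n_train)],
                                 [sign_perturb(clean_image(16, rng), eps, rng) for _ in range(n_train)])
    test = [clean_image(16, rng) for _ in range(n_test)]

    def flagged(ims: Sequence[Image]) -> float:
        return sum(det.predict(im) for im in ims) / len(ims)

    return {"false_alarm_clean": flagged(test),
            "detect_sign_noise": flagged([sign_perturb(im, eps, rng) for im in test]),
            "detect_smooth_noise": flagged([smooth_perturb(im, eps, rng) for im in test])}


if __name__ == "__main__":
    for name, rate in detection_rates().items():
        print(f"{name}: {rate:.2f}")
```

Running the script prints the false-alarm rate on clean images and the detection rate for both perturbation kinds. The sign noise is flagged almost every time because it raises Laplacian variance and blur residual energy by an order of magnitude over the smooth synthetic images, while the smoothed noise under the same eps mostly passes as clean. That gap is the caveat to carry into any evaluation of a feature-based detector: test it against an adaptive adversary who knows the feature set, not only against the fixed attack it was trained on.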