On Lyapunov exponents and adversarial perturbation
Vinay Uday Prabhu, Nishant Desai, John Whaley
TL;DR
This paper discovers that Lyapunov exponents of 1-D time series representations of images can effectively distinguish adversarial examples from legitimate ones, serving as a pre-classification filter to improve CNN robustness.
Contribution
It introduces a novel use of Lyapunov exponents as a filtering defense against adversarial perturbations in image classification tasks.
Findings
Lyapunov exponents are highly discriminative features for adversarial detection.
The method can pre-classify images as adversarial or legitimate before CNN classification.
Potential false alarms occur with non-adversarial noisy images.
Abstract
In this paper, we would like to disseminate a serendipitous discovery involving Lyapunov exponents of a 1-D time series and their use in serving as a filtering defense tool against a specific kind of deep adversarial perturbation. To this end, we use the state-of-the-art CleverHans library to generate adversarial perturbations against a standard Convolutional Neural Network (CNN) architecture trained on the MNIST as well as the Fashion-MNIST datasets. We empirically demonstrate how the Lyapunov exponents computed on the flattened 1-D vector representations of the images served as highly discriminative features that could be to pre-classify images as adversarial or legitimate before feeding the image into the CNN for classification. We also explore the issue of possible false-alarms when the input images are noisy in a non-adversarial sense.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Bacillus and Francisella bacterial research · Advanced Malware Detection Techniques