Understanding Measures of Uncertainty for Adversarial Example Detection

TL;DR

This paper analyzes various uncertainty measures for detecting adversarial examples, highlighting mutual information's effectiveness and proposing probabilistic ensembles to improve uncertainty estimation.

Contribution

It provides a comparative study of uncertainty measures, explains why mutual information works well, and introduces probabilistic ensembles to enhance adversarial detection.

Findings

Mutual information effectively detects adversarial examples.

MC dropout has notable failure modes.

Probabilistic ensembles improve uncertainty estimates.

Abstract

Measuring uncertainty is a promising technique for detecting adversarial examples, crafted inputs on which the model predicts an incorrect class with high confidence. But many measures of uncertainty exist, including predictive en- tropy and mutual information, each capturing different types of uncertainty. We study these measures, and shed light on why mutual information seems to be effective at the task of adversarial example detection. We highlight failure modes for MC dropout, a widely used approach for estimating uncertainty in deep models. This leads to an improved understanding of the drawbacks of current methods, and a proposal to improve the quality of uncertainty estimates using probabilistic model ensembles. We give illustrative experiments using MNIST to demonstrate the intuition underlying the different measures of uncertainty, as well as experiments on a real world Kaggle dogs vs cats classification dataset.