# A Data-driven Adversarial Examples Recognition Framework via Adversarial   Feature Genome

**Authors:** Li Chen, Qi Li, Weiye Chen, Zeyu Wang, Haifeng Li

arXiv: 1812.10085 · 2022-01-27

## TL;DR

This paper introduces the Adversarial Feature Genome (AFG), a novel data representation that captures class features and differences, enabling both detection and recovery of adversarial examples in CNNs with high accuracy.

## Contribution

The paper proposes the AFG framework that combines class features and differences for adversarial example detection and label recovery, inspired by the Adversarial Feature Separability phenomenon.

## Key findings

- Detection and classification accuracy exceeds 90% in various attack scenarios.
- First method to focus on both attack detection and label recovery.
- Provides a new data-driven approach to improve CNN robustness.

## Abstract

Adversarial examples pose many security threats to convolutional neural networks (CNNs). Most defense algorithms prevent these threats by finding differences between the original images and adversarial examples. However, the found differences do not contain features about the classes, so these defense algorithms can only detect adversarial examples without recovering the correct labels. In this regard, we propose the Adversarial Feature Genome (AFG), a novel type of data that contains both the differences and features about classes. This method is inspired by an observed phenomenon, namely the Adversarial Feature Separability (AFS), where the difference between the feature maps of the original images and adversarial examples becomes larger with deeper layers. On top of that, we further develop an adversarial example recognition framework that detects adversarial examples and can recover the correct labels. In the experiments, the detection and classification of adversarial examples by AFGs has an accuracy of more than 90.01\% in various attack scenarios. To the best of our knowledge, our method is the first method that focuses on both attack detecting and recovering. AFG gives a new data-driven perspective to improve the robustness of CNNs. The source code is available at https://github.com/GeoX-Lab/Adv_Fea_Genome.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1812.10085/full.md

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/1812.10085/full.md

## References

50 references — full list in the complete paper: https://tomesphere.com/paper/1812.10085/full.md

---
Source: https://tomesphere.com/paper/1812.10085