# MetaAdvDet: Towards Robust Detection of Evolving Adversarial Attacks

**Authors:** Chen Ma, Chenxu Zhao, Hailin Shi, Li Chen, Junhai Yong, Dan Zeng

arXiv: 1908.02199 · 2019-08-07

## TL;DR

This paper introduces MetaAdvDet, a meta-learning-based method for detecting evolving adversarial attacks on neural networks. It is especially effective when only limited attack samples are available, and it outperforms traditional detection methods.

## Contribution

The paper proposes a novel double-network meta-learning framework for robust adversarial attack detection with few-shot samples, addressing the challenge of evolving attack methods.

## Key findings

- Outperforms traditional detection methods on CIFAR-10, MNIST, and Fashion-MNIST datasets.
- Effective in few-shot scenarios with limited attack samples.
- Validated through comprehensive experiments on constructed benchmarks.

## Abstract

Deep neural networks (DNNs) are vulnerable to adversarial attacks, which are maliciously implemented by adding human-imperceptible perturbations to images and thus lead to incorrect predictions. Existing studies have proposed various methods to detect new adversarial attacks. However, new attack methods keep evolving constantly and yield new adversarial examples to bypass the existing detectors. Training detectors requires collecting tens of thousands of samples, while new attacks evolve much more frequently than the high-cost data collection. Thus, the newly evolved attack samples remain small in scale. To solve such a few-shot problem with evolving attacks, we propose a meta-learning-based robust detection method to detect new adversarial attacks with limited examples. Specifically, the learning consists of a double-network framework: a task-dedicated network and a master network which alternatively learn the detection capability for either a seen attack or a new attack. To validate the effectiveness of our approach, we construct benchmarks with few-shot-fashion protocols based on three conventional datasets, i.e., CIFAR-10, MNIST and Fashion-MNIST. Comprehensive experiments are conducted on them to verify the superiority of our approach with respect to traditional adversarial attack detection methods.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.02199/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1908.02199/full.md

## References

52 references — full list in the complete paper: https://tomesphere.com/paper/1908.02199/full.md

---
Source: https://tomesphere.com/paper/1908.02199