GraN: An Efficient Gradient-Norm Based Detector for Adversarial and Misclassified Examples
Julia Lust, Alexandru Paul Condurache
TL;DR
GraN is a fast, parameter-efficient method for detecting adversarial and misclassified examples in DNNs, based on layer-wise gradient norms, achieving state-of-the-art results across various scenarios.
Contribution
Introduces GraN, a novel gradient-norm based detection method that is both computationally efficient and easily adaptable to any deep neural network.
Findings
Achieves state-of-the-art detection performance.
Requires less runtime and fewer parameters than existing methods.
Effective across multiple problem setups.
Abstract
Deep neural networks (DNNs) are vulnerable to adversarial examples and other data perturbations. Especially in safety critical applications of DNNs, it is therefore crucial to detect misclassified samples. The current state-of-the-art detection methods require either significantly more runtime or more parameters than the original network itself. This paper therefore proposes GraN, a time- and parameter-efficient method that is easily adaptable to any DNN. GraN is based on the layer-wise norm of the DNN's gradient regarding the loss of the current input-output combination, which can be computed via backpropagation. GraN achieves state-of-the-art performance on numerous problem set-ups.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Neural Network Applications