Improved Detection of Adversarial Images Using Deep Neural Networks

TL;DR

This paper introduces a novel Feature Map Denoising method utilizing Wiener filters to detect adversarial images in deep neural networks, enhancing security in sensitive applications.

Contribution

The paper presents a new low-cost detection approach for adversarial inputs using Feature Map Denoising with Wiener filters, applicable to any pre-trained DNNs.

Findings

High accuracy in adversarial example detection

Effective across multiple attack algorithms

Improved detection performance with Wiener filter

Abstract

Machine learning techniques are immensely deployed in both industry and academy. Recent studies indicate that machine learning models used for classification tasks are vulnerable to adversarial examples, which limits the usage of applications in the fields with high precision requirements. We propose a new approach called Feature Map Denoising to detect the adversarial inputs and show the performance of detection on the mixed dataset consisting of adversarial examples generated by different attack algorithms, which can be used to associate with any pre-trained DNNs at a low cost. Wiener filter is also introduced as the denoise algorithm to the defense model, which can further improve performance. Experimental results indicate that good accuracy of detecting the adversarial examples can be achieved through our Feature Map Denoising algorithm.