A General Framework For Detecting Anomalous Inputs to DNN Classifiers
Jayaram Raghuram, Varun Chandrasekaran, Somesh Jha, Suman Banerjee

TL;DR
This paper introduces a flexible, unsupervised framework for detecting anomalous inputs in DNN classifiers, utilizing internal layer representations and statistical testing, showing superior performance against adversarial and out-of-distribution samples.
Contribution
It presents a principled, configurable meta-algorithm for anomaly detection in DNNs, with specific instantiations grounded in statistical testing, addressing prior heuristic approaches.
Findings
Effective detection of adversarial inputs.
Robust against adaptive attacks using internal representations.
Outperforms five recent detection methods.
Abstract
Detecting anomalous inputs, such as adversarial and out-of-distribution (OOD) inputs, is critical for classifiers (including deep neural networks or DNNs) deployed in real-world applications. While prior works have proposed various methods to detect such anomalous samples using information from the internal layer representations of a DNN, there is a lack of consensus on a principled approach for the different components of such a detection method. As a result, often heuristic and one-off methods are applied for different aspects of this problem. We propose an unsupervised anomaly detection framework based on the internal DNN layer representations in the form of a meta-algorithm with configurable components. We proceed to propose specific instantiations for each component of the meta-algorithm based on ideas grounded in statistical testing and anomaly detection. We evaluate the proposed…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
