Locally optimal detection of stochastic targeted universal adversarial   perturbations

Amish Goel; Pierre Moulin

arXiv:2012.04692·cs.CV·December 10, 2020

Locally optimal detection of stochastic targeted universal adversarial perturbations

Amish Goel, Pierre Moulin

PDF

TL;DR

This paper introduces a locally optimal detector for stochastic targeted universal adversarial perturbations in deep learning classifiers, improving detection performance through a supervised training approach.

Contribution

The paper develops a novel LO-GLRT based detector for stochastic UAPs and proposes a supervised training method to optimize its parameters.

Findings

01

Detector outperforms existing methods on multiple datasets

02

Supervised training enhances detection accuracy

03

Effective for targeted universal adversarial perturbations

Abstract

Deep learning image classifiers are known to be vulnerable to small adversarial perturbations of input images. In this paper, we derive the locally optimal generalized likelihood ratio test (LO-GLRT) based detector for detecting stochastic targeted universal adversarial perturbations (UAPs) of the classifier inputs. We also describe a supervised training method to learn the detector's parameters, and demonstrate better performance of the detector compared to other detection methods on several popular image classification datasets.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.