Detection of Adversarial Supports in Few-shot Classifiers Using Self-Similarity and Filtering

TL;DR

This paper introduces a novel, attack-agnostic method for detecting adversarial support sets in few-shot classifiers by leveraging self-similarity and filtering, improving robustness against targeted attacks.

Contribution

It is the first to explore adversarial detection for support sets in few-shot classifiers, proposing a generalizable approach based on self-similarity and filtering techniques.

Findings

High AUROC scores on miniImagenet and CUB datasets.

Effective detection of adversarial support sets despite conceptual simplicity.

Method can be combined with other filtering functions for enhanced detection.

Abstract

Few-shot classifiers excel under limited training samples, making them useful in applications with sparsely user-provided labels. Their unique relative prediction setup offers opportunities for novel attacks, such as targeting support sets required to categorise unseen test samples, which are not available in other machine learning setups. In this work, we propose a detection strategy to identify adversarial support sets, aimed at destroying the understanding of a few-shot classifier for a certain class. We achieve this by introducing the concept of self-similarity of a support set and by employing filtering of supports. Our method is attack-agnostic, and we are the first to explore adversarial detection for support sets of few-shot classifiers to the best of our knowledge. Our evaluation of the miniImagenet (MI) and CUB datasets exhibits good attack detection performance despite conceptual simplicity, showing high AUROC scores. We show that self-similarity and filtering for adversarial detection can be paired with other filtering functions, constituting a generalisable concept.