Noise Sensitivity-Based Energy Efficient and Robust Adversary Detection in Neural Networks

TL;DR

This paper introduces a novel adversarial detection method for neural networks that uses a new metric called Adversarial Noise Sensitivity to strategically add a detector at the most sensitive layer, improving robustness and energy efficiency.

Contribution

The paper proposes a structured approach to enhance adversarial detection by using ANS to identify sensitive layers, reducing complexity and improving robustness compared to prior complex detector methods.

Findings

Improves robustness against adversarial examples on MNIST, CIFAR-10, and CIFAR-100.

Reduces computational complexity of the detector.

Demonstrates energy efficiency across hardware platforms.

Abstract

Neural networks have achieved remarkable performance in computer vision, however they are vulnerable to adversarial examples. Adversarial examples are inputs that have been carefully perturbed to fool classifier networks, while appearing unchanged to humans. Based on prior works on detecting adversaries, we propose a structured methodology of augmenting a deep neural network (DNN) with a detector subnetwork. We use $\textit{Adversarial Noise Sensitivity}$ (ANS), a novel metric for measuring the adversarial gradient contribution of different intermediate layers of a network. Based on the ANS value, we append a detector to the most sensitive layer. In prior works, more complex detectors were added to a DNN, increasing the inference computational cost of the model. In contrast, our structured and strategic addition of a detector to a DNN reduces the complexity of the model while making the overall network adversarially resilient. Through comprehensive white-box and black-box experiments on MNIST, CIFAR-10, and CIFAR-100, we show that our method improves state-of-the-art detector robustness against adversarial examples. Furthermore, we validate the energy efficiency of our proposed adversarial detection methodology through an extensive energy analysis on various hardware scalable CMOS accelerator platforms. We also demonstrate the effects of quantization on our detector-appended networks.