Adversarial Examples Detection beyond Image Space
Kejiang Chen, Yuefeng Chen, Hang Zhou, Chuan Qin, Xiaofeng Mao, Weiming Zhang, Nenghai Yu

TL;DR
This paper introduces a novel two-stream detection method that effectively identifies adversarial examples with both slight and large perturbations by analyzing prediction confidence and pixel artifacts.
Contribution
The proposed approach extends adversarial detection beyond image space using a dual-stream architecture focusing on pixel and confidence artifacts, improving detection performance.
Findings
Outperforms existing detection methods under oblivious attacks.
Effective against both few-perturbation and large-perturbation attacks.
Demonstrates robustness against omniscient adversarial attacks.
Abstract
Deep neural networks have been proven vulnerable to adversarial examples, which are generated by adding human-imperceptible perturbations to images. To defend against these adversarial examples, various detection-based methods have been proposed. However, most of them perform poorly at detecting adversarial examples with extremely slight perturbations. By exploring these adversarial examples, we find that there exists compliance between perturbations and prediction confidence, which guides us to detect few-perturbation attacks from the aspect of prediction confidence. To detect both few-perturbation attacks and large-perturbation attacks, we propose a method beyond image space by a two-stream architecture, in which the image stream focuses on the pixel artifacts and the gradient stream copes with the confidence artifacts. The experimental results show that the proposed method…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Domain Adaptation and Few-Shot Learning
