Real-time Detection of Practical Universal Adversarial Perturbations

TL;DR

This paper introduces HyperNeuron, a real-time detection method for universal adversarial perturbations in neural networks, demonstrating high efficiency and effectiveness across various tasks and attack types.

Contribution

The paper presents HyperNeuron, a scalable algorithm that detects UAPs in real-time by analyzing neuron hyper-activations, improving latency and detection performance over existing methods.

Findings

HyperNeuron detects UAPs with only 0.86 ms latency per image.

Effective against multiple attack types and scenarios.

Outperforms existing defenses in speed and comparable accuracy.

Abstract

Universal Adversarial Perturbations (UAPs) are a prominent class of adversarial examples that exploit the systemic vulnerabilities and enable physically realizable and robust attacks against Deep Neural Networks (DNNs). UAPs generalize across many different inputs; this leads to realistic and effective attacks that can be applied at scale. In this paper we propose HyperNeuron, an efficient and scalable algorithm that allows for the real-time detection of UAPs by identifying suspicious neuron hyper-activations. Our results show the effectiveness of HyperNeuron on multiple tasks (image classification, object detection), against a wide variety of universal attacks, and in realistic scenarios, like perceptual ad-blocking and adversarial patches. HyperNeuron is able to simultaneously detect both adversarial mask and patch UAPs with comparable or better performance than existing UAP defenses whilst introducing a significantly reduced latency of only 0.86 milliseconds per image. This suggests that many realistic and practical universal attacks can be reliably mitigated in real-time, which shows promise for the robust deployment of machine learning systems.