Segmentation Fault: A Cheap Defense Against Adversarial Machine Learning

TL;DR

This paper introduces a computationally efficient defense mechanism against adversarial attacks on deep neural networks by replacing pixel-level analysis with coarse segmentation, balancing detection accuracy and resource use.

Contribution

It proposes a novel, low-cost defense method that simplifies the ML-LOO approach using coarse segmentation, reducing computational demands while maintaining effective detection.

Findings

Significant efficiency gains over ML-LOO with minimal accuracy loss

Coarse segmentation effectively detects adversarial examples

Trade-off between detection accuracy and computational cost

Abstract

Recently published attacks against deep neural networks (DNNs) have stressed the importance of methodologies and tools to assess the security risks of using this technology in critical systems. Efficient techniques for detecting adversarial machine learning helps establishing trust and boost the adoption of deep learning in sensitive and security systems. In this paper, we propose a new technique for defending deep neural network classifiers, and convolutional ones in particular. Our defense is cheap in the sense that it requires less computation power despite a small cost to pay in terms of detection accuracy. The work refers to a recently published technique called ML-LOO. We replace the costly pixel by pixel leave-one-out approach of ML-LOO by adopting coarse-grained leave-one-out. We evaluate and compare the efficiency of different segmentation algorithms for this task. Our results show that a large gain in efficiency is possible, even though penalized by a marginal decrease in detection accuracy.