Unity is strength: Improving the Detection of Adversarial Examples with Ensemble Approaches

TL;DR

This paper introduces ENAD, an ensemble framework combining multiple detectors to improve adversarial example detection in deep learning, demonstrating superior performance across various benchmarks and attacks.

Contribution

The paper presents ENAD, a novel ensemble approach that integrates multiple detection methods for robust adversarial example detection, enhancing accuracy and reproducibility.

Findings

ENAD outperforms existing methods in most benchmark tests.

The ensemble approach improves detection robustness across diverse attacks.

ENAD's modular design allows easy extension with new detectors.

Abstract

A key challenge in computer vision and deep learning is the definition of robust strategies for the detection of adversarial examples. Here, we propose the adoption of ensemble approaches to leverage the effectiveness of multiple detectors in exploiting distinct properties of the input data. To this end, the ENsemble Adversarial Detector (ENAD) framework integrates scoring functions from state-of-the-art detectors based on Mahalanobis distance, Local Intrinsic Dimensionality, and One-Class Support Vector Machines, which process the hidden features of deep neural networks. ENAD is designed to ensure high standardization and reproducibility to the computational workflow. Importantly, extensive tests on benchmark datasets, models and adversarial attacks show that ENAD outperforms all competing methods in the large majority of settings. The improvement over the state-of-the-art and the intrinsic generality of the framework, which allows one to easily extend ENAD to include any set of detectors, set the foundations for the new area of ensemble adversarial detection.