Test-time adversarial detection and robustness for localizing humans using ultra wide band channel impulse responses

TL;DR

This paper introduces a test-time adversarial detection method and robustness enhancement for neural networks used in localizing humans via ultra wide band channel impulse responses, improving security against adversarial attacks.

Contribution

It proposes a novel test-time adversarial example detector and a non-iterative input clipping technique to enhance neural network robustness without prior adversarial training.

Findings

Performance improved by 55.33% against FGSM attacks

Robustness increased by 6.3% against BIM and PGD attacks

Effective detection of adversarial examples through intermediate response analysis

Abstract

Keyless entry systems in cars are adopting neural networks for localizing its operators. Using test-time adversarial defences equip such systems with the ability to defend against adversarial attacks without prior training on adversarial samples. We propose a test-time adversarial example detector which detects the input adversarial example through quantifying the localized intermediate responses of a pre-trained neural network and confidence scores of an auxiliary softmax layer. Furthermore, in order to make the network robust, we extenuate the non-relevant features by non-iterative input sample clipping. Using our approach, mean performance over 15 levels of adversarial perturbations is increased by 55.33% for the fast gradient sign method (FGSM) and 6.3% for both the basic iterative method (BIM) and the projected gradient method (PGD).