Multi-head Uncertainty Inference for Adversarial Attack Detection

TL;DR

This paper introduces a multi-head uncertainty inference framework that leverages predictions from different depths of deep neural networks to effectively detect adversarial attacks by amplifying the uncertainty signals.

Contribution

The paper proposes a novel multi-head architecture for uncertainty inference that uses shallow information and Dirichlet distribution modeling to improve adversarial attack detection.

Findings

Outperforms existing UI methods in attack detection accuracy.

Effectively amplifies adversarial uncertainty signals.

Works across various attack settings.

Abstract

Deep neural networks (DNNs) are sensitive and susceptible to tiny perturbation by adversarial attacks which causes erroneous predictions. Various methods, including adversarial defense and uncertainty inference (UI), have been developed in recent years to overcome the adversarial attacks. In this paper, we propose a multi-head uncertainty inference (MH-UI) framework for detecting adversarial attack examples. We adopt a multi-head architecture with multiple prediction heads (i.e., classifiers) to obtain predictions from different depths in the DNNs and introduce shallow information for the UI. Using independent heads at different depths, the normalized predictions are assumed to follow the same Dirichlet distribution, and we estimate distribution parameter of it by moment matching. Cognitive uncertainty brought by the adversarial attacks will be reflected and amplified on the distribution. Experimental results show that the proposed MH-UI framework can outperform all the referred UI methods in the adversarial attack detection task with different settings.