New Adversarial Image Detection Based on Sentiment Analysis

TL;DR

This paper introduces a novel adversarial image detection method leveraging sentiment analysis on hidden-layer feature maps, significantly improving detection accuracy against recent attacks on popular datasets and models.

Contribution

The paper proposes a new sentiment analysis-based detector for adversarial images, utilizing a lightweight embedding layer to analyze hidden-layer features for improved detection performance.

Findings

Outperforms state-of-the-art detectors on CIFAR-10, CIFAR-100, and SVHN datasets.

Detects adversarial examples in under 4.6 milliseconds on a Tesla K80 GPU.

Effective against the latest adversarial attack models.

Abstract

Deep Neural Networks (DNNs) are vulnerable to adversarial examples, while adversarial attack models, e.g., DeepFool, are on the rise and outrunning adversarial example detection techniques. This paper presents a new adversarial example detector that outperforms state-of-the-art detectors in identifying the latest adversarial attacks on image datasets. Specifically, we propose to use sentiment analysis for adversarial example detection, qualified by the progressively manifesting impact of an adversarial perturbation on the hidden-layer feature maps of a DNN under attack. Accordingly, we design a modularized embedding layer with the minimum learnable parameters to embed the hidden-layer feature maps into word vectors and assemble sentences ready for sentiment analysis. Extensive experiments demonstrate that the new detector consistently surpasses the state-of-the-art detection algorithms in detecting the latest attacks launched against ResNet and Inception neutral networks on the CIFAR-10, CIFAR-100 and SVHN datasets. The detector only has about 2 million parameters, and takes shorter than 4.6 milliseconds to detect an adversarial example generated by the latest attack models using a Tesla K80 GPU card.