Uncertainty-based Detection of Adversarial Attacks in Semantic Segmentation

TL;DR

This paper introduces an uncertainty-based detection method for adversarial attacks in semantic segmentation that leverages output entropy differences without modifying the model, effective across various attack types.

Contribution

It presents a lightweight, post-processing approach using entropy-based uncertainty to detect adversarial attacks in semantic segmentation, filling a research gap in this area.

Findings

Effective detection across multiple attack types

No model modification required

Utilizes output entropy differences

Abstract

State-of-the-art deep neural networks have proven to be highly powerful in a broad range of tasks, including semantic image segmentation. However, these networks are vulnerable against adversarial attacks, i.e., non-perceptible perturbations added to the input image causing incorrect predictions, which is hazardous in safety-critical applications like automated driving. Adversarial examples and defense strategies are well studied for the image classification task, while there has been limited research in the context of semantic segmentation. First works however show that the segmentation outcome can be severely distorted by adversarial attacks. In this work, we introduce an uncertainty-based approach for the detection of adversarial attacks in semantic segmentation. We observe that uncertainty as for example captured by the entropy of the output distribution behaves differently on clean and perturbed images and leverage this property to distinguish between the two cases. Our method works in a light-weight and post-processing manner, i.e., we do not modify the model or need knowledge of the process used for generating adversarial examples. In a thorough empirical analysis, we demonstrate the ability of our approach to detect perturbed images across multiple types of adversarial attacks.