NCCR: to Evaluate the Robustness of Neural Networks and Adversarial Examples

TL;DR

This paper introduces NCCR, a new metric to evaluate neural network robustness against adversarial attacks by monitoring neuron output changes, aiding in detection and assessment of model stability.

Contribution

The paper proposes the neuron cover change rate (NCCR), a novel metric for quantifying neural network robustness and detecting adversarial examples based on neuron output stability.

Findings

NCCR effectively measures neural network robustness.

Networks with lower NCCR are more resistant to attacks.

NCCR can distinguish adversarial inputs from normal ones.

Abstract

Neural networks have received a lot of attention recently, and related security issues have come with it. Many studies have shown that neural networks are vulnerable to adversarial examples that have been artificially perturbed with modification, which is too small to be distinguishable by human perception. Different attacks and defenses have been proposed to solve these problems, but there is little research on evaluating the robustness of neural networks and their inputs. In this work, we propose a metric called the neuron cover change rate (NCCR) to measure the ability of deep learning models to resist attacks and the stability of adversarial examples. NCCR monitors alterations in the output of specifically chosen neurons when the input is perturbed, and networks with a smaller degree of variation are considered to be more robust. The results of the experiment on image recognition and the speaker recognition model show that our metrics can provide a good assessment of the robustness of neural networks or their inputs. It can also be used to detect whether an input is adversarial or not, as adversarial examples are always less robust.