# Entropy-Based Non-Invasive Reliability Monitoring of Convolutional Neural Networks

**Authors:** Amirhossein Nazeri, Wael Hafez

arXiv: 2508.21715 · 2025-09-01

## TL;DR

This paper introduces a method to detect adversarial attacks on CNNs by monitoring entropy changes in activations, enabling real-time, non-invasive reliability assessment without retraining or architecture changes.

## Contribution

It demonstrates that adversarial inputs cause measurable entropy shifts in CNN activations, allowing effective detection without modifying the model.

## Key findings

- Adversarial inputs increase activation entropy by 7% in early layers.
- Detection accuracy of 90% with low false positive/negative rates.
- Entropy distributions for clean and adversarial inputs are well separated.

## Abstract

Convolutional Neural Networks (CNNs) have become the foundation of modern computer vision, achieving unprecedented accuracy across diverse image recognition tasks. While these networks excel on in-distribution data, they remain vulnerable to adversarial perturbations imperceptible input modifications that cause misclassification with high confidence. However, existing detection methods either require expensive retraining, modify network architecture, or degrade performance on clean inputs. Here we show that adversarial perturbations create immediate, detectable entropy signatures in CNN activations that can be monitored without any model modification. Using parallel entropy monitoring on VGG-16, we demonstrate that adversarial inputs consistently shift activation entropy by 7% in early convolutional layers, enabling 90% detection accuracy with false positives and false negative rates below 20%. The complete separation between clean and adversarial entropy distributions reveals that CNNs inherently encode distribution shifts in their activation patterns. This work establishes that CNN reliability can be assessed through activation entropy alone, enabling practical deployment of self-diagnostic vision systems that detect adversarial inputs in real-time without compromising original model performance.

---
Source: https://tomesphere.com/paper/2508.21715