Deep learning models are vulnerable, but adversarial examples are even more vulnerable
Jun Li, Yanwei Xu, Keran Li, Xiaoli Zhang

TL;DR
This paper investigates the vulnerability of deep learning models to adversarial examples, shows that the adversarial examples themselves are highly sensitive to occlusion, and introduces a novel detection method that improves robustness against various attacks.
Contribution
The study empirically demonstrates adversarial examples' sensitivity to occlusion and proposes SWM-AED, a new detection method that enhances robustness without overfitting.
Findings
Adversarial examples show higher confidence volatility under occlusion than clean samples.
SMCE effectively quantifies confidence fluctuations caused by occlusion.
SWM-AED achieves over 62% accuracy, up to 96.5%, in detecting adversarial examples.
Abstract
Understanding intrinsic differences between adversarial examples and clean samples is key to enhancing DNN robustness and detection against adversarial attacks. This study first empirically finds that image-based adversarial examples are notably sensitive to occlusion. Controlled experiments on CIFAR-10 used nine canonical attacks (e.g., FGSM, PGD) to generate adversarial examples, paired with original samples for evaluation. We introduce Sliding Mask Confidence Entropy (SMCE) to quantify model confidence fluctuation under occlusion. Using 1800+ test images, SMCE calculations supported by Mask Entropy Field Maps and statistical distributions show adversarial examples have significantly higher confidence volatility under occlusion than originals. Based on this, we propose Sliding Window Mask-based Adversarial Example Detection (SWM-AED), which avoids catastrophic overfitting of…
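To make the sliding-mask idea concrete, here is an added toy implementation that is not the paper's code: a constructed linear "model" stands in for the DNN, a zero mask slides over an 8x8 image, and the confidence of the originally predicted class is recorded at each position (the per-sample field map). The abstract does not give SMCE's exact formula, so this block assumes one formulation, the Shannon entropy of the binned confidence values across mask positions, and the 0.5 detection threshold is likewise an assumed setting.

```python
import math
from collections import Counter

SIZE, MASK, STRIDE, SCALE, BINS = 8, 4, 2, 0.5, 10  # constructed toy settings


def toy_model(img):
    """Constructed stand-in for a DNN: class 1 if the left half of the image
    outweighs the right half. Returns the sigmoid confidence for class 1."""
    logit = SCALE * sum(x if c < SIZE // 2 else -x
                        for row in img for c, x in enumerate(row))
    return 1.0 / (1.0 + math.exp(-logit))


def mask_field(img, model):
    """Slide a MASK x MASK zero patch over the image and record the confidence
    of the class predicted on the unoccluded image at every mask position."""
    base = model(img)
    pred_is_one = base >= 0.5
    field = []
    for r0 in range(0, SIZE - MASK + 1, STRIDE):
        for c0 in range(0, SIZE - MASK + 1, STRIDE):
            occluded = [[0.0 if r0 <= r < r0 + MASK and c0 <= c < c0 + MASK else x
                         for c, x in enumerate(row)] for r, row in enumerate(img)]
            p = model(occluded)
            field.append(p if pred_is_one else 1.0 - p)
    return field


def smce(img, model=toy_model):
    """Assumed SMCE formulation: entropy (bits) of the binned confidences seen
    across mask positions. Near 0 if confidence stays put, large if it swings."""
    field = mask_field(img, model)
    counts = Counter(min(int(c * BINS), BINS - 1) for c in field)
    n = len(field)
    return -sum(k / n * math.log2(k / n) for k in counts.values())


def is_adversarial(img, threshold=0.5):
    return smce(img) > threshold  # assumed detector threshold


def clean_sample():
    # Constructed: evidence for class 1 spread evenly over the left half.
    return [[0.8 if c < SIZE // 2 else 0.2 for c in range(SIZE)] for _ in range(SIZE)]


def adversarial_like_sample():
    # Constructed: neutral background plus a tiny high-magnitude patch that
    # alone carries the decision, mimicking a fragile adversarial perturbation.
    img = [[0.5] * SIZE for _ in range(SIZE)]
    for r in (1, 2):
        for c in (1, 2):
            img[r][c] = 5.0
    return img
```

Both samples are classified as class 1 with near-identical confidence before occlusion; only the concentrated one flips when the mask lands on its patch, which is what the entropy score picks up.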
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Neural Network Applications · Domain Adaptation and Few-Shot Learning
