1. Detecting adversarial examples by additional evidence from noise domain
- Author
Song Gao, Shui Yu, Liwen Wu, Shaowen Yao, and Xiaowei Zhou
- Subjects
Steganalysis, Generalization, business.industry, Computer science, Pattern recognition, 0801 Artificial Intelligence and Image Processing, 0906 Electrical and Electronic Engineering, Domain (software engineering), Noise, Adversarial system, QA76.75-76.765, Feature (computer vision), Signal Processing, Classifier (linguistics), Photography, RGB color model, Artificial Intelligence & Image Processing, Computer Vision and Pattern Recognition, Artificial intelligence, Computer software, Electrical and Electronic Engineering, business, TR1-1050, Software
- Abstract
Deep neural networks are widely adopted powerful tools for perceptual tasks. However, recent research indicated that they are easily fooled by adversarial examples, which are produced by adding imperceptible adversarial perturbations to clean examples. In this paper, we utilize the steganalysis rich model (SRM) to generate noise feature maps, and combine them with RGB images to discover the difference between adversarial examples and clean examples. In particular, we propose a two-stream pseudo-siamese network and train it end-to-end to detect adversarial examples. Our approach fuses the subtle difference in RGB images with the noise inconsistency in noise features. The proposed method has strong detection capability and transferability, and can be combined with any classifier without modifying its architecture or training procedure. Our extensive empirical experiments show that, compared with the state-of-the-art detection methods, the proposed method achieves excellent performance in distinguishing adversarial samples generated by popular attack methods on different real datasets. Moreover, our method has good generalization: when trained on a specific adversary, it can generalize to other adversaries.
- Published
2022