Adversarial Example Detection for DNN Models: A Review
- URL: http://arxiv.org/abs/2105.00203v1
- Date: Sat, 1 May 2021 09:55:17 GMT
- Title: Adversarial Example Detection for DNN Models: A Review
- Authors: Ahmed Aldahdooh, Wassim Hamidouche, Sid Ahmed Fezza, Olivier Deforges
- Abstract summary: The aim of an adversarial example (AE) is to fool the Deep Learning (DL) model, which makes AEs a potential risk for DL applications.
A few reviews and surveys have been published that theoretically present the taxonomy of the threats and the countermeasure methods.
A detailed discussion of such methods is provided, and experimental results for eight state-of-the-art detectors are presented.
- Score: 13.131592630524905
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Deep Learning (DL) has shown great success in many human-related tasks, which has led to its adoption in many computer vision based applications, such as security surveillance systems, autonomous vehicles, and healthcare. Such safety-critical applications can only be deployed successfully once they are able to overcome safety-critical challenges. Among these challenges are the defense against and/or the detection of adversarial examples (AEs). An adversary can carefully craft small, often imperceptible, noise, called a perturbation, that is added to a clean image to generate an AE. The aim of an AE is to fool the DL model, which makes it a potential risk for DL applications. Many test-time evasion attacks and countermeasures, i.e., defense or detection methods, have been proposed in the literature. Moreover, only a few reviews and surveys have been published that theoretically present the taxonomy of the threats and the countermeasure methods, with little focus on AE detection methods. In this paper, we attempt to provide a theoretical and experimental review of AE detection methods. A detailed discussion of such methods is provided, and experimental results for eight state-of-the-art detectors are presented under different scenarios on four datasets. We also provide potential challenges and future perspectives for this research direction.
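As a rough illustration of how such an AE can be crafted, the sketch below applies an FGSM-style, sign-of-gradient perturbation to a clean image; the toy classifier, the epsilon budget, and the placeholder inputs are assumptions made here for illustration and are not taken from the paper.

```python
# Minimal, illustrative FGSM-style sketch of how an adversarial example (AE) can
# be crafted by adding a small, sign-of-gradient perturbation to a clean image.
# The toy classifier, the epsilon budget, and the placeholder inputs are
# assumptions for illustration only and are not taken from the paper.
import torch
import torch.nn as nn
import torch.nn.functional as F

model = nn.Sequential(                      # stand-in image classifier
    nn.Conv2d(3, 8, 3, padding=1), nn.ReLU(),
    nn.AdaptiveAvgPool2d(1), nn.Flatten(), nn.Linear(8, 10),
).eval()

def fgsm_example(x_clean, y_true, epsilon=8 / 255):
    """Return x_clean + epsilon * sign(gradient), clipped to the valid [0, 1] range."""
    x = x_clean.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), y_true)
    loss.backward()
    x_adv = x + epsilon * x.grad.sign()     # small, often imperceptible, noise
    return x_adv.clamp(0.0, 1.0).detach()   # keep the AE a valid image

x_clean = torch.rand(1, 3, 32, 32)          # placeholder "clean image"
y_true = torch.tensor([0])                  # placeholder true label
x_adv = fgsm_example(x_clean, y_true)
print(float((x_adv - x_clean).abs().max())) # perturbation magnitude stays within epsilon
```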
Related papers
- Model Inversion Attacks: A Survey of Approaches and Countermeasures [59.986922963781]
Recently, a new type of privacy attack, the model inversion attack (MIA), has emerged; it aims to extract sensitive features of the private data used for training.
Despite the significance, there is a lack of systematic studies that provide a comprehensive overview and deeper insights into MIAs.
This survey aims to summarize up-to-date MIA methods on both the attack and the defense sides.
arXiv Detail & Related papers (2024-11-15T08:09:28Z) - Effective and Efficient Adversarial Detection for Vision-Language Models via A Single Vector [97.92369017531038]
We build a new laRge-scale Adversarial images dataset with Diverse hArmful Responses (RADAR).
We then develop a novel iN-time Embedding-based AdveRSarial Image DEtection (NEARSIDE) method, which exploits a single vector distilled from the hidden states of Visual Language Models (VLMs) to distinguish adversarial images from benign ones in the input.
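Read loosely, a single-vector detector of this kind amounts to thresholding the projection of an input's hidden-state embedding onto one learned direction. The sketch below illustrates that generic idea on synthetic embeddings; the dimensionality, the mean-difference direction, and the threshold are assumptions for illustration, not the NEARSIDE implementation.

```python
# Hedged sketch of single-vector, embedding-based detection: learn one direction
# in the hidden-state space that separates adversarial from benign inputs, then
# threshold the projection onto it. The synthetic embeddings, mean-difference
# direction, and threshold are illustrative assumptions, not the paper's method.
import numpy as np

rng = np.random.default_rng(0)
benign_emb = rng.normal(0.0, 1.0, size=(500, 768))          # placeholder hidden-state embeddings
adv_emb = rng.normal(0.5, 1.0, size=(500, 768))             # shifted "attacked" embeddings

direction = adv_emb.mean(axis=0) - benign_emb.mean(axis=0)  # the single detection vector
direction /= np.linalg.norm(direction)

def is_adversarial(embedding, threshold):
    """Flag an input whose embedding projects strongly onto the learned direction."""
    return float(embedding @ direction) > threshold

# Midpoint of the mean projections of the two classes as a simple threshold.
threshold = 0.5 * (adv_emb @ direction).mean() + 0.5 * (benign_emb @ direction).mean()
flags = [is_adversarial(e, threshold) for e in adv_emb]
print(f"detected {sum(flags)} / {len(flags)} adversarial embeddings")
```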
arXiv Detail & Related papers (2024-10-30T10:33:10Z) - Underwater Object Detection in the Era of Artificial Intelligence: Current, Challenge, and Future [119.88454942558485]
Underwater object detection (UOD) aims to identify and localise objects in underwater images or videos.
In recent years, artificial intelligence (AI) based methods, especially deep learning methods, have shown promising performance in UOD.
arXiv Detail & Related papers (2024-10-08T00:25:33Z) - Analyzing Adversarial Inputs in Deep Reinforcement Learning [53.3760591018817]
We present a comprehensive analysis of the characterization of adversarial inputs, through the lens of formal verification.
We introduce a novel metric, the Adversarial Rate, to classify models based on their susceptibility to adversarial perturbations.
Our analysis empirically demonstrates how adversarial inputs can affect the safety of a given DRL system.
arXiv Detail & Related papers (2024-02-07T21:58:40Z) - Remote Sensing Object Detection Meets Deep Learning: A Meta-review of Challenges and Advances [51.70835702029498]
This paper aims to present a comprehensive review of the recent achievements in deep learning based remote sensing object detection (RSOD) methods.
We identify five main challenges in RSOD, including multi-scale object detection, rotated object detection, weak object detection, tiny object detection, and object detection with limited supervision.
We also review the widely used benchmark datasets and evaluation metrics within the field of RSOD, as well as the application scenarios for RSOD.
arXiv Detail & Related papers (2023-09-13T06:48:32Z) - Review on the Feasibility of Adversarial Evasion Attacks and Defenses for Network Intrusion Detection Systems [0.7829352305480285]
Recent research on adversarial evasion attacks raises many concerns in the cybersecurity field.
An increasing number of researchers are studying the feasibility of such attacks against security systems based on machine learning algorithms.
arXiv Detail & Related papers (2023-03-13T11:00:05Z) - MixDefense: A Defense-in-Depth Framework for Adversarial Example Detection Based on Statistical and Semantic Analysis [14.313178290347293]
We propose a multilayer defense-in-depth framework for AE detection, namely MixDefense.
We leverage the 'noise' features extracted from the inputs to discover the statistical difference between natural images and tampered ones for AE detection.
We show that the proposed MixDefense solution outperforms the existing AE detection techniques by a considerable margin.
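As a loose illustration of this 'noise' feature idea, the sketch below compares each input with a denoised copy and flags inputs whose residual statistics deviate from those of natural images; the Gaussian-blur denoiser, the chosen statistics, and the threshold are assumptions, not the MixDefense pipeline.

```python
# Hedged sketch of a noise-residual, statistics-based check: compare each image
# with a smoothed copy and flag inputs whose residual statistics sit far from
# those of natural images. The denoiser, statistics, and threshold below are
# illustrative assumptions, not the MixDefense pipeline.
import numpy as np
from scipy.ndimage import gaussian_filter

def noise_features(image):
    """Simple statistics of the residual between an image and a smoothed copy."""
    residual = image - gaussian_filter(image, sigma=1.0)
    return np.array([residual.std(), np.abs(residual).mean()])

def looks_tampered(image, reference_mean, reference_std, tolerance=3.0):
    """Flag the image if its residual statistics deviate strongly from clean statistics."""
    z = np.abs(noise_features(image) - reference_mean) / (reference_std + 1e-8)
    return bool(z.max() > tolerance)

rng = np.random.default_rng(0)
# Placeholder "natural" images: smooth random fields standing in for clean photos.
clean_imgs = gaussian_filter(rng.random((32, 64, 64)), sigma=(0, 3, 3))
stats = np.stack([noise_features(im) for im in clean_imgs])
ref_mean, ref_std = stats.mean(axis=0), stats.std(axis=0)

suspect = clean_imgs[0] + rng.normal(0.0, 0.03, clean_imgs[0].shape)  # crudely perturbed copy
print(looks_tampered(clean_imgs[1], ref_mean, ref_std), looks_tampered(suspect, ref_mean, ref_std))
```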
arXiv Detail & Related papers (2021-04-20T15:57:07Z) - Detecting Operational Adversarial Examples for Reliable Deep Learning [12.175315224450678]
We present the novel notion of "operational AEs", which are AEs that have a relatively high chance of being seen in future operation.
An initial design of a new DL testing method to efficiently detect "operational AEs" is provided.
arXiv Detail & Related papers (2021-04-13T08:31:42Z) - Selective and Features based Adversarial Example Detection [12.443388374869745]
Security-sensitive applications that rely on Deep Neural Networks (DNNs) are vulnerable to small perturbations crafted to generate Adversarial Examples (AEs).
We propose a novel unsupervised detection mechanism that uses selective prediction, processing of model-layer outputs, and knowledge transfer concepts in a multi-task learning setting.
Experimental results show that the proposed approach achieves comparable results to the state-of-the-art methods against the tested attacks in the white-box scenario and better results in the black-box and gray-box scenarios.
arXiv Detail & Related papers (2021-03-09T11:06:15Z) - Towards Characterizing Adversarial Defects of Deep Learning Software from the Lens of Uncertainty [30.97582874240214]
Adversarial examples (AEs) represent a typical and important type of defect that needs to be urgently addressed.
The intrinsic uncertainty of deep learning decisions can be a fundamental reason for their incorrect behavior.
We identify and categorize the uncertainty patterns of benign examples (BEs) and AEs, and find that while BEs and AEs generated by existing methods do follow common uncertainty patterns, some other uncertainty patterns are largely missed.
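One common, generic way to surface the kind of uncertainty patterns discussed here is Monte Carlo dropout, which keeps dropout active at inference time and measures the spread of the predictions. The sketch below illustrates only that generic idea; the tiny model, the number of samples, and the inputs are assumptions, and this is not the characterization method of the paper.

```python
# Hedged sketch of estimating prediction uncertainty with Monte Carlo dropout.
# The tiny model, sample count, and placeholder inputs are illustrative assumptions.
import torch
import torch.nn as nn

model = nn.Sequential(nn.Linear(784, 128), nn.ReLU(), nn.Dropout(0.5), nn.Linear(128, 10))

def mc_dropout_uncertainty(x, n_samples=30):
    """Keep dropout active at inference and measure the spread of the softmax outputs."""
    model.train()  # keep dropout layers stochastic
    with torch.no_grad():
        probs = torch.stack([torch.softmax(model(x), dim=-1) for _ in range(n_samples)])
    return probs.var(dim=0).sum(dim=-1)  # higher variance = higher uncertainty

x = torch.rand(8, 784)  # placeholder batch of flattened inputs
print(mc_dropout_uncertainty(x))
```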
arXiv Detail & Related papers (2020-04-24T07:29:47Z) - Anomalous Example Detection in Deep Learning: A Survey [98.2295889723002]
This survey tries to provide a structured and comprehensive overview of the research on anomaly detection for Deep Learning applications.
We provide a taxonomy for existing techniques based on their underlying assumptions and adopted approaches.
We highlight the unsolved research challenges while applying anomaly detection techniques in DL systems and present some high-impact future research directions.
arXiv Detail & Related papers (2020-03-16T02:47:23Z)