Real-time Detection of Practical Universal Adversarial Perturbations
- URL: http://arxiv.org/abs/2105.07334v1
- Date: Sun, 16 May 2021 03:01:29 GMT
- Title: Real-time Detection of Practical Universal Adversarial Perturbations
- Authors: Kenneth T. Co, Luis Muñoz-González, Leslie Kanthan, Emil C. Lupu
- Abstract summary: Universal Adversarial Perturbations (UAPs) enable physically realizable and robust attacks against Deep Neural Networks (DNNs).
In this paper we propose HyperNeuron, an efficient and scalable algorithm that allows for the real-time detection of UAPs.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Universal Adversarial Perturbations (UAPs) are a prominent class of
adversarial examples that exploit the systemic vulnerabilities and enable
physically realizable and robust attacks against Deep Neural Networks (DNNs).
UAPs generalize across many different inputs; this leads to realistic and
effective attacks that can be applied at scale. In this paper we propose
HyperNeuron, an efficient and scalable algorithm that allows for the real-time
detection of UAPs by identifying suspicious neuron hyper-activations. Our
results show the effectiveness of HyperNeuron on multiple tasks (image
classification, object detection), against a wide variety of universal attacks,
and in realistic scenarios, like perceptual ad-blocking and adversarial
patches. HyperNeuron is able to simultaneously detect both adversarial mask and
patch UAPs with comparable or better performance than existing UAP defenses
whilst introducing a significantly reduced latency of only 0.86 milliseconds
per image. This suggests that many realistic and practical universal attacks
can be reliably mitigated in real-time, which shows promise for the robust
deployment of machine learning systems.
Related papers
- Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks
Current defense mainly focuses on the known attacks, but the adversarial robustness to the unknown attacks is seriously overlooked.
We propose an attack-agnostic defense method named Meta Invariance Defense (MID).
We show that MID simultaneously achieves robustness to the imperceptible adversarial perturbations in high-level image classification and attack-suppression in low-level robust image regeneration.
arXiv Detail & Related papers (2024-04-04T10:10:38Z)
- Adversarial Vulnerability of Temporal Feature Networks for Object Detection
We study whether temporal feature networks for object detection are vulnerable to universal adversarial attacks.
We evaluate attacks of two types: imperceptible noise for the whole image and locally-bound adversarial patch.
Our experiments on KITTI and nuScenes datasets demonstrate that a model robustified via K-PGD is able to withstand the studied attacks.
arXiv Detail & Related papers (2022-08-23T07:08:54Z)
- Universal Adversarial Attacks on Neural Networks for Power Allocation in a Massive MIMO System
We propose universal adversarial perturbation (UAP)-crafting methods as white-box and black-box attacks.
We show that the adversarial success rate can achieve up to 60% and 40%, respectively.
The proposed UAP-based attacks make a more practical and realistic approach as compared to classical white-box attacks.
arXiv Detail & Related papers (2021-10-10T08:21:03Z)
- Jacobian Regularization for Mitigating Universal Adversarial Perturbations
Universal Adversarial Perturbations (UAPs) are input perturbations that can fool a neural network on large sets of data.
We derive upper bounds for the effectiveness of UAPs based on norms of data-dependent Jacobians.
arXiv Detail & Related papers (2021-04-21T11:00:21Z)
- Universal Adversarial Training with Class-Wise Perturbations
Adversarial training is the most widely used method for defending against adversarial attacks.
In this work, we find that a UAP does not attack all classes equally.
We improve the SOTA UAT by proposing to utilize class-wise UAPs during adversarial training.
arXiv Detail & Related papers (2021-04-07T09:05:49Z)
- A Survey On Universal Adversarial Attack
Deep neural networks (DNNs) have demonstrated remarkable performance for various applications.
They are widely known to be vulnerable to the attack of adversarial perturbations.
Universal adversarial perturbations (UAPs) fool the target DNN for most images.
arXiv Detail & Related papers (2021-03-02T06:35:09Z)
- Double Targeted Universal Adversarial Perturbations
We introduce double targeted universal adversarial perturbations (DT-UAPs) to bridge the gap between the instance-discriminative image-dependent perturbations and the generic universal perturbations.
We show the effectiveness of the proposed DTA algorithm on a wide range of datasets and also demonstrate its potential as a physical attack.
arXiv Detail & Related papers (2020-10-07T09:08:51Z)
- A Self-supervised Approach for Adversarial Robustness
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN) based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)
- RAID: Randomized Adversarial-Input Detection for Neural Networks
We propose a novel technique for adversarial-image detection, RAID, that trains a secondary classifier to identify differences in neuron activation values between benign and adversarial inputs.
RAID is more reliable and more effective than the state of the art when evaluated against six popular attacks.
arXiv Detail & Related papers (2020-02-07T13:27:29Z)