Adversarial Sample Detection Through Neural Network Transport Dynamics
- URL: http://arxiv.org/abs/2306.04252v2
- Date: Thu, 8 Jun 2023 08:43:40 GMT
- Title: Adversarial Sample Detection Through Neural Network Transport Dynamics
- Authors: Skander Karkar and Patrick Gallinari and Alain Rakotomamonjy
- Abstract summary: We propose a detector of adversarial samples based on the view of neural networks as discrete dynamic systems.
The detector tells clean inputs from abnormal ones by comparing the discrete vector fields they follow through the layers.
We show that regularizing this vector field during training makes the network more regular on the data distribution's support.
- Score: 18.08752807817708
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We propose a detector of adversarial samples that is based on the view of
neural networks as discrete dynamic systems. The detector tells clean inputs
from abnormal ones by comparing the discrete vector fields they follow through
the layers. We also show that regularizing this vector field during training
makes the network more regular on the data distribution's support, thus making
the activations of clean inputs more distinguishable from those of abnormal
ones. Experimentally, we compare our detector favorably to other detectors on
seen and unseen attacks, and show that the regularization of the network's
dynamics improves the performance of adversarial detectors that use the
internal embeddings as inputs, while also improving test accuracy.
Related papers
- Box-based Refinement for Weakly Supervised and Unsupervised Localization Tasks [57.70351255180495]
We train the detectors on top of the network output instead of the image data and apply suitable loss backpropagation.
Our findings reveal a significant improvement in phrase grounding for the "what is where by looking" task.
arXiv Detail & Related papers (2023-09-07T17:36:02Z)
- How adversarial attacks can disrupt seemingly stable accurate classifiers [76.95145661711514]
Adversarial attacks dramatically change the output of an otherwise accurate learning system using a seemingly inconsequential modification to a piece of input data.
Here, we show that this may be seen as a fundamental feature of classifiers working with high dimensional input data.
We introduce a simple generic and generalisable framework for which key behaviours observed in practical systems arise with high probability.
arXiv Detail & Related papers (2023-09-07T12:02:00Z)
- Runtime Monitoring for Out-of-Distribution Detection in Object Detection Neural Networks [0.0]
Monitoring provides a more realistic and applicable alternative to verification in the setting of real neural networks used in industry.
We extend a runtime-monitoring approach previously proposed for classification networks to perception systems capable of identification and localization of multiple objects.
arXiv Detail & Related papers (2022-12-15T12:50:42Z)
- A Novel Explainable Out-of-Distribution Detection Approach for Spiking Neural Networks [6.100274095771616]
This work presents a novel OoD detector that can identify whether test examples input to a Spiking Neural Network belong to the distribution of the data over which it was trained.
We characterize the internal activations of the hidden layers of the network in the form of spike count patterns.
A local explanation method is devised to produce attribution maps revealing which parts of the input instance push most towards the detection of an example as an OoD sample.
arXiv Detail & Related papers (2022-09-30T11:16:35Z)
- Representation Learning for Content-Sensitive Anomaly Detection in Industrial Networks [0.0]
This thesis proposes a framework to learn spatial-temporal aspects of raw network traffic in an unsupervised and protocol-agnostic manner.
The learned representations are used to measure the effect on the results of a subsequent anomaly detection.
arXiv Detail & Related papers (2022-04-20T09:22:41Z)
- Adversarial Detector with Robust Classifier [14.586106862913553]
We propose a novel adversarial detector, which consists of a robust classifier and a plain one, to highly detect adversarial examples.
In an experiment, the proposed detector is demonstrated to outperform a state-of-the-art detector without any robust classifier.
arXiv Detail & Related papers (2022-02-05T07:21:05Z)
- DAAIN: Detection of Anomalous and Adversarial Input using Normalizing Flows [52.31831255787147]
We introduce a novel technique, DAAIN, to detect out-of-distribution (OOD) inputs and adversarial attacks (AA).
Our approach monitors the inner workings of a neural network and learns a density estimator of the activation distribution.
Our model can be trained on a single GPU making it compute efficient and deployable without requiring specialized accelerators.
arXiv Detail & Related papers (2021-05-30T22:07:13Z)
- Adversarial Examples Detection with Bayesian Neural Network [57.185482121807716]
We propose a new framework to detect adversarial examples motivated by the observations that random components can improve the smoothness of predictors.
We propose a novel Bayesian adversarial example detector, short for BATer, to improve the performance of adversarial example detection.
arXiv Detail & Related papers (2021-05-18T15:51:24Z)
- Toward Scalable and Unified Example-based Explanation and Outlier Detection [128.23117182137418]
We argue for a broader adoption of prototype-based student networks capable of providing an example-based explanation for their prediction.
We show that our prototype-based networks beyond similarity kernels deliver meaningful explanations and promising outlier detection results without compromising classification accuracy.
arXiv Detail & Related papers (2020-11-11T05:58:17Z)
- Into the Unknown: Active Monitoring of Neural Networks [9.591060426695748]
We introduce an algorithmic framework for active monitoring of a neural network.
A monitor wrapped in our framework operates in parallel with the neural network and interacts with a human user.
An experimental evaluation on a diverse set of benchmarks confirms the benefits of our active monitoring framework in dynamic scenarios.
arXiv Detail & Related papers (2020-09-14T13:29:47Z)
- Unsupervised Anomaly Detection with Adversarial Mirrored AutoEncoders [51.691585766702744]
We propose a variant of Adversarial Autoencoder which uses a mirrored Wasserstein loss in the discriminator to enforce better semantic-level reconstruction.
We put forward an alternative measure of anomaly score to replace the reconstruction-based metric.
Our method outperforms the current state-of-the-art methods for anomaly detection on several OOD detection benchmarks.
arXiv Detail & Related papers (2020-03-24T08:26:58Z)