From Pixels to Trajectory: Universal Adversarial Example Detection via Temporal Imprints
- URL: http://arxiv.org/abs/2503.04853v1
- Date: Thu, 06 Mar 2025 06:00:04 GMT
- Title: From Pixels to Trajectory: Universal Adversarial Example Detection via Temporal Imprints
- Authors: Yansong Gao, Huaibing Peng, Hua Ma, Zhiyang Dai, Shuo Wang, Hongsheng Hu, Anmin Fu, Minhui Xue,
- Abstract summary: We unveil discernible temporal (or historical) trajectory imprints resulting from adversarial example (AE) attacks. We propose TRAIT (TRaceable Adversarial temporal trajectory ImprinTs) for AE detection. TRAIT achieves an AE detection accuracy exceeding 97%, often around 99%, while maintaining a false rejection rate of 1%.
- Score: 21.454396392842426
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: For the first time, we unveil discernible temporal (or historical) trajectory imprints resulting from adversarial example (AE) attacks. Standing in contrast to existing studies, all of which focus on spatial (or static) imprints within the targeted underlying victim models, we present a fresh temporal paradigm for understanding these attacks. A paramount discovery is that these imprints are encapsulated within a single loss metric, spanning universally across diverse tasks such as classification and regression, and modalities including image, text, and audio. Recognizing the distinct nature of loss between adversarial and clean examples, we exploit this temporal imprint for AE detection by proposing TRAIT (TRaceable Adversarial temporal trajectory ImprinTs). TRAIT operates under minimal assumptions without prior knowledge of attacks, thereby framing the detection challenge as a one-class classification problem. However, AE detection is still challenged by significant overlaps between the constructed synthetic losses of adversarial and clean examples due to the absence of ground truth for incoming inputs. TRAIT addresses this challenge by converting the synthetic loss into a spectrum signature, using the Fast Fourier Transform to highlight the discrepancies, drawing inspiration from the temporal nature of the imprints, analogous to time-series signals. Across 12 AE attacks including SMACK (USENIX Sec'2023), TRAIT demonstrates consistently outstanding performance across comprehensively evaluated modalities, tasks, datasets, and model architectures. In all scenarios, TRAIT achieves an AE detection accuracy exceeding 97%, often around 99%, while maintaining a false rejection rate of 1%. TRAIT remains effective under the formulated strong adaptive attacks.
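The core pipeline the abstract describes (loss trajectory → FFT spectrum signature → one-class thresholding) can be sketched in a few lines. This is a minimal illustration, not the authors' implementation: the function names, the L2-norm anomaly score, and the quantile-based threshold are all assumptions for the sake of the example.

```python
import numpy as np

def spectrum_signature(loss_trajectory):
    """Convert a per-step (synthetic) loss trajectory into a frequency-domain
    signature: mean-remove, take the real-input FFT, keep magnitudes only."""
    loss = np.asarray(loss_trajectory, dtype=float)
    loss = loss - loss.mean()        # remove DC offset so bins reflect fluctuation
    return np.abs(np.fft.rfft(loss)) # one-sided magnitude spectrum

def fit_threshold(clean_signatures, quantile=0.99):
    """One-class calibration: score clean examples only and pick a high
    quantile as the rejection threshold (no adversarial examples needed)."""
    scores = [np.linalg.norm(sig) for sig in clean_signatures]
    return float(np.quantile(scores, quantile))

def is_adversarial(signature, threshold):
    """Flag an input whose spectral energy exceeds the clean-data threshold."""
    return np.linalg.norm(signature) > threshold
```

A smooth clean-loss trajectory concentrates little energy outside the DC bin, while an oscillatory adversarial trajectory spreads energy across frequencies, which is the discrepancy the FFT step is meant to expose.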
Related papers
- NatADiff: Adversarial Boundary Guidance for Natural Adversarial Diffusion [25.40185694215312]
Adversarial samples exploit irregularities in the manifold "learned" by deep learning models to cause misclassifications. We propose NatADiff, an adversarial sampling scheme that leverages denoising diffusion to generate natural adversarial samples. We show that NatADiff produces adversarial samples that not only transfer more effectively across models, but also more faithfully resemble naturally occurring test-time errors.
arXiv Detail & Related papers (2025-05-27T09:23:09Z) - TFLAG: Towards Practical APT Detection via Deviation-Aware Learning on Temporal Provenance Graph [5.3620586848260015]
Advanced Persistent Threats (APTs) have grown increasingly complex and concealed. Recent studies have incorporated graph learning techniques to extract detailed information from provenance graphs. We introduce TFLAG, an advanced anomaly detection framework.
arXiv Detail & Related papers (2025-01-13T01:08:06Z) - Eliminating Catastrophic Overfitting Via Abnormal Adversarial Examples Regularization [50.43319961935526]
Single-step adversarial training (SSAT) has demonstrated the potential to achieve both efficiency and robustness.
SSAT suffers from catastrophic overfitting (CO), a phenomenon that leads to a severely distorted classifier.
In this work, we observe that some adversarial examples generated on the SSAT-trained network exhibit anomalous behaviour.
arXiv Detail & Related papers (2024-04-11T22:43:44Z) - Detecting Anomalies in Dynamic Graphs via Memory enhanced Normality [39.476378833827184]
Anomaly detection in dynamic graphs presents a significant challenge due to the temporal evolution of graph structures and attributes.
We introduce a novel spatial-temporal memories-enhanced graph autoencoder (STRIPE).
STRIPE significantly outperforms existing methods, with a 5.8% improvement in AUC scores and 4.62× faster training time.
arXiv Detail & Related papers (2024-03-14T02:26:10Z) - Video Anomaly Detection via Spatio-Temporal Pseudo-Anomaly Generation : A Unified Approach [49.995833831087175]
This work proposes a novel method for generating generic spatio-temporal pseudo-anomalies (PAs) by inpainting a masked-out region of an image.
In addition, we present a simple unified framework to detect real-world anomalies under the OCC setting.
Our method performs on par with other existing state-of-the-art PA generation and reconstruction-based methods under the OCC setting.
arXiv Detail & Related papers (2023-11-27T13:14:06Z) - A Discrepancy Aware Framework for Robust Anomaly Detection [51.710249807397695]
We present a Discrepancy Aware Framework (DAF), which demonstrates robust performance consistently with simple and cheap strategies.
Our method leverages an appearance-agnostic cue to guide the decoder in identifying defects, thereby alleviating its reliance on synthetic appearance.
Under the simple synthesis strategies, it outperforms existing methods by a large margin. Furthermore, it also achieves the state-of-the-art localization performance.
arXiv Detail & Related papers (2023-10-11T15:21:40Z) - On the Universal Adversarial Perturbations for Efficient Data-free Adversarial Detection [55.73320979733527]
We propose a data-agnostic adversarial detection framework, which induces different responses between normal and adversarial samples to UAPs.
Experimental results show that our method achieves competitive detection performance on various text classification tasks.
arXiv Detail & Related papers (2023-06-27T02:54:07Z) - Harnessing Contrastive Learning and Neural Transformation for Time Series Anomaly Detection [0.0]
Time series anomaly detection (TSAD) plays a vital role in many industrial applications. Contrastive learning has gained momentum in the time series domain for its prowess in extracting meaningful representations from unlabeled data. In this study, we propose a novel approach, CNT, that incorporates a window-based contrastive learning strategy fortified with learnable transformations.
arXiv Detail & Related papers (2023-04-16T21:36:19Z) - Generalizable Deepfake Detection with Phase-Based Motion Analysis [11.042856247812969]
We propose PhaseForensics, a DeepFake (DF) video detection method that leverages a phase-based motion representation of temporal dynamics.
We show improved distortion and adversarial robustness, and state-of-the-art cross-dataset generalization, with 91.2% video-level AUC on the challenging CelebDFv2.
arXiv Detail & Related papers (2022-11-17T06:28:01Z) - Improving Adversarial Robustness to Sensitivity and Invariance Attacks with Deep Metric Learning [80.21709045433096]
A standard framework in adversarial robustness defends against samples crafted by minimally perturbing clean inputs.
We use metric learning to frame adversarial regularization as an optimal transport problem.
Our preliminary results indicate that regularizing over invariant perturbations in our framework improves both invariant and sensitivity defense.
arXiv Detail & Related papers (2022-11-04T13:54:02Z) - Exploiting Spatial-temporal Correlations for Video Anomaly Detection [7.336831373786849]
Video anomaly detection (VAD) remains a challenging task in the pattern recognition community due to the ambiguity and diversity of abnormal events.
We introduce a discriminator to perform adversarial learning with the ST-LSTM to enhance the learning capability.
Our method achieves competitive performance compared to the state-of-the-art methods, with AUCs of 96.7%, 87.8%, and 73.1% on the UCSD Ped2, CUHK Avenue, and ShanghaiTech datasets, respectively.
arXiv Detail & Related papers (2022-11-02T02:13:24Z) - Temporal Sparse Adversarial Attack on Sequence-based Gait Recognition [56.844587127848854]
We demonstrate that the state-of-the-art gait recognition model is vulnerable to such attacks.
We employ a generative adversarial network based architecture to semantically generate adversarial high-quality gait silhouettes or video frames.
The experimental results show that if only one-fortieth of the frames are attacked, the accuracy of the target model drops dramatically.
arXiv Detail & Related papers (2020-02-22T10:08:42Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of its content (including all information) and is not responsible for any consequences of its use.