Noise Based Approach for the Detection of Adversarial Examples

G. MATO; A. CURIALE; M. KLOSTER

Buenos Aires

Simposio; Simposio Argentino de Ciencia de Datos y Grandes Datos; 2020

We propose a new method for detecting adversarial examplesbased on a stochastic approach. An example is presented to the networkseveral times and classified as adversarial if the fraction of times theoutput label is different from the label generated by the deterministicnetwork is above some threshold value. We analyze the performance ofthe method for three attack methods (DeepFool, Fast Gradient SignMethod and norm 2 Carlini Wagner) and two datasets (MNIST andCIFAR-10). We find that our approach works best for stronger attackssuch as DeepFool and CW2, and could be used as part of a scheme where several methods are applied simultaneously in order to estimate if a given input is adversarial or not.