Noise Based Approach for the Detection of Adversarial Examples

MATIAS A. KLOSTER; ARIEL HERNÁN CURIALE; GERMAN MATO

Buenos Aires

Simposio; Simposio Argentino de Ciencia de Datos y Grandes Datos (49 JAIIO); 2020

We propose a new method for detecting adversarial examples based on a stochastic approach. An example is presented to the network several times and classified as adversarial if the fraction of times the output label is different from the label generated by the deterministic network is above some threshold value. We analyze the performance of the method for three attack methods (DeepFool, Fast Gradient Sign Method and norm 2 Carlini Wagner) and two datasets (MNIST and CIFAR-10). We find that our approach works best for stronger attacks such as DeepFool and CW2, and could be used as part of a scheme where several methods are applied simultaneously in order to estimate if a given input is adversarial or not.