On the Detection of Adversarial Attacks Against Deep Neural Networks
Title | On the Detection of Adversarial Attacks Against Deep Neural Networks |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Wang, Weiyu, Zhu, Quanyan |
Conference Name | Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5203-1 |
Keywords | active learning, Adversarial Machine Learning, composability, Deep Neural Network, machine learning security, Metrics, pubcrawl, resilience, Resiliency, support vector machine, Support vector machines |
Abstract | Deep learning models have been widely studied and proven to achieve high accuracy in various pattern recognition tasks, especially image recognition. However, because of their non-linear architecture and high-dimensional inputs, their ill-posedness [1] with respect to adversarial perturbations (small, deliberately crafted perturbations of the input that lead to completely different outputs) has also attracted researchers' attention. This work takes the traffic sign recognition system of a self-driving car as an example and aims at designing an additional mechanism that improves the robustness of the recognition system. It uses a machine learning model that learns from the deep learning model's predictions, with human feedback as labels, and provides the credibility of the current prediction. The mechanism uses both the input image and the recognition result as its sample space, queries a human user for the True/False of the current classification result the least number of times, and thereby detects adversarial attacks. |
URL | https://dl.acm.org/citation.cfm?doid=3140368.3140373 |
DOI | 10.1145/3140368.3140373 |
Citation Key | wang_detection_2017 |
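The abstract describes a secondary model that learns, from the DNN's input and output, whether a prediction is credible, with human True/False answers collected by active learning. The following is an added illustration written for this entry, not code from the paper or its authors: a pure-Python linear SVM (the keywords list support vector machines) fitted with the Pegasos SGD rule, a pool-based active-learning loop using uncertainty sampling as the query strategy, and a simulated DNN whose adversarial failures are constructed data. The interaction feature map in `features`, the query strategy, the hyperparameters and every name below are assumptions, not details taken from the paper.

```python
"""Added example (not the paper's code): a toy version of the mechanism the
abstract describes. A second model (a linear SVM trained with the Pegasos
SGD rule, pure Python) learns from the DNN's input image and its recognition
result whether that result is credible. Human True/False labels are obtained
by pool-based active learning with uncertainty sampling, so the human is asked
about as few samples as possible. The DNN, its adversarial failures and all
data are simulated; the feature map and query strategy are assumptions."""
import math
import random

N_CLASSES = 3  # toy traffic-sign classes (constructed)


def make_sample(rng, adversarial):
    """Constructed (image descriptor, DNN prediction, human verdict) triple.
    The 'image' is a per-class response vector; an adversarial input is a tiny
    perturbation of a clean image that nevertheless flips the simulated DNN."""
    true_cls = rng.randrange(N_CLASSES)
    img = [rng.gauss(0.0, 0.2) + (1.0 if c == true_cls else 0.0)
           for c in range(N_CLASSES)]
    if adversarial:
        img = [v + rng.gauss(0.0, 0.02) for v in img]      # imperceptible change
        pred = rng.choice([c for c in range(N_CLASSES) if c != true_cls])
    else:
        pred = true_cls
    return img, pred, not adversarial   # verdict True = prediction credible


def features(img, pred):
    """Sample space = (input image, recognition result). Interaction features
    img[i] * onehot(pred)[j] make 'image agrees with predicted label' a linear
    pattern; a kernel SVM would otherwise have to discover it (assumed design)."""
    onehot = [1.0 if j == pred else 0.0 for j in range(N_CLASSES)]
    return [i * o for i in img for o in onehot] + [1.0]    # trailing bias input


class LinearSVM:
    """Linear SVM fitted by Pegasos: SGD on hinge loss plus an L2 penalty."""

    def __init__(self, dim, lam=0.1):
        self.w = [0.0] * dim
        self.lam = lam

    def margin(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def fit(self, xs, ys, epochs=100, seed=0):
        rng = random.Random(seed)
        order = list(range(len(xs)))
        t = 0
        for _ in range(epochs):
            rng.shuffle(order)
            for k in order:
                t += 1
                eta = 1.0 / (self.lam * t)
                y = 1.0 if ys[k] else -1.0
                shrink = 1.0 - eta * self.lam
                if y * self.margin(xs[k]) < 1.0:            # hinge-loss violation
                    self.w = [shrink * wi + eta * y * xi
                              for wi, xi in zip(self.w, xs[k])]
                else:
                    self.w = [shrink * wi for wi in self.w]
        return self

    def credibility(self, x):
        """Signed distance to the boundary squashed into (0, 1); > 0.5 = credible."""
        z = max(-60.0, min(60.0, self.margin(x)))
        return 1.0 / (1.0 + math.exp(-z))


def active_learning(pool, oracle, budget, seed_size=4, seed=0):
    """Pool-based active learning: label a small random seed set, then keep
    asking the human (oracle) about the unlabeled sample closest to the
    current boundary until the query budget is spent. Returns (svm, labels)."""
    rng = random.Random(seed)
    labels = {i: oracle(i) for i in rng.sample(range(len(pool)), seed_size)}
    while True:
        svm = LinearSVM(len(pool[0])).fit([pool[i] for i in labels],
                                          [labels[i] for i in labels])
        if len(labels) >= budget:
            return svm, labels
        unlabeled = [i for i in range(len(pool)) if i not in labels]
        i = min(unlabeled, key=lambda k: abs(svm.margin(pool[k])))
        labels[i] = oracle(i)   # one human True/False query


def run_demo(n_pool=60, n_test=100, budget=20):
    """Build a constructed pool and held-out set, run the loop, and report
    (svm, queried indices, held-out accuracy of the credibility verdict)."""
    rng = random.Random(42)
    pool = [make_sample(rng, adversarial=(k % 2 == 1)) for k in range(n_pool)]
    test = [make_sample(rng, adversarial=(k % 2 == 1)) for k in range(n_test)]
    pool_x = [features(img, pred) for img, pred, _ in pool]
    svm, queried = active_learning(pool_x, lambda i: pool[i][2], budget)
    correct = sum((svm.credibility(features(img, pred)) > 0.5) == verdict
                  for img, pred, verdict in test)
    return svm, sorted(queried), correct / n_test


if __name__ == "__main__":
    svm, queried, acc = run_demo()
    print(f"human queries: {len(queried)}, held-out detection accuracy: {acc:.2f}")
```

The point to notice is that the detector never sees the DNN's internals: its inputs are only the image and the recognition result, and the human is consulted only about the samples the detector is least sure of, which is what keeps the number of True/False queries small. A real deployment would replace the constructed response vectors with image features and the simulated DNN with the actual recognition model.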