Attack as Defense: Characterizing Adversarial Examples using Robustness

03/13/2021
by   Zhe Zhao, et al.

As a new programming paradigm, deep learning has expanded its application to many real-world problems. At the same time, deep-learning-based software has been found to be vulnerable to adversarial attacks. Although various defense mechanisms have been proposed to improve the robustness of deep learning software, many of them are ineffective against adaptive attacks. In this work, we propose a novel characterization that distinguishes adversarial examples from benign ones, based on the observation that adversarial examples are significantly less robust than benign ones. Since existing robustness measurements do not scale to large networks, we propose a novel defense framework, named attack as defense (A2D), which detects adversarial examples by efficiently evaluating an example's robustness. A2D uses the cost of attacking an input as its robustness measure and flags less robust examples as adversarial, since less robust examples are easier to attack. Extensive experimental results on MNIST, CIFAR10, and ImageNet show that A2D is more effective than recent promising approaches. We also evaluate our defense against potential adaptive attacks and show that A2D remains effective against carefully designed adaptive attacks, e.g., the attack success rate drops to 0.
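To make the core idea concrete, here is a minimal sketch of using attack cost as a robustness proxy, assuming a PyTorch image classifier and a single input. The FGSM-style iterative attack, step size, step budget, and detection threshold below are illustrative assumptions, not the paper's exact configuration.

```python
import torch
import torch.nn.functional as F

def attack_cost(model, x, step_size=0.01, max_steps=50):
    """Return the number of attack steps needed to flip the model's
    prediction on x (a batch of one). Fewer steps = less robust input."""
    model.eval()
    with torch.no_grad():
        orig_label = model(x).argmax(dim=1)
    x_adv = x.clone().detach()
    for step in range(1, max_steps + 1):
        x_adv.requires_grad_(True)
        loss = F.cross_entropy(model(x_adv), orig_label)
        grad, = torch.autograd.grad(loss, x_adv)
        # Untargeted gradient-sign step away from the current label.
        x_adv = (x_adv.detach() + step_size * grad.sign()).clamp(0.0, 1.0)
        with torch.no_grad():
            if (model(x_adv).argmax(dim=1) != orig_label).item():
                return step  # prediction flipped: attack succeeded
    return max_steps + 1  # survived the whole budget: robust input

def flag_adversarial(model, x, threshold=10):
    # A2D-style decision rule: inputs that are cheap to attack are
    # flagged as adversarial. The threshold would be calibrated on
    # benign data; the value here is hypothetical.
    return attack_cost(model, x) <= threshold
```

The intuition this implements: a benign input sits comparatively far from the decision boundary and needs many perturbation steps to misclassify, while an adversarial input already lies near the boundary, so a few steps suffice to flip it back.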


Related research

03/20/2019 · On the Robustness of Deep K-Nearest Neighbors
Despite a large amount of attention on adversarial examples, very few wo...

11/22/2021 · Medical Aegis: Robust adversarial protectors for medical images
Deep neural network based medical image systems are vulnerable to advers...

12/02/2018 · SentiNet: Detecting Physical Attacks Against Deep Learning Systems
SentiNet is a novel detection framework for physical attacks on neural n...

09/29/2017 · Ground-Truth Adversarial Examples
The ability to deploy neural networks in real-world, safety-critical sys...

01/28/2019 · Defense Methods Against Adversarial Examples for Recurrent Neural Networks
Adversarial examples are known to mislead deep learning models to incorr...

06/21/2023 · Adversarial Attacks Neutralization via Data Set Randomization
Adversarial attacks on deep-learning models pose a serious threat to the...

05/14/2021 · Salient Feature Extractor for Adversarial Defense on Deep Neural Networks
Recent years have witnessed unprecedented success achieved by deep learn...
