FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification

Adversarial examples present a severe threat to deep neural networks’ application in safetycritical domains such as autonomous driving. Although there are numerous defensive solutions, they all have some flaws, such as the fact that they can only defend against adversarial attacks with a limited ran...

Descripción completa

Detalles Bibliográficos
Autores principales: Yang, Jin-Tao, Jiang, Hao, Li, Hao, Ye, Dong-Sheng, Jiang, Wei
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2023
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9955552/
https://www.ncbi.nlm.nih.gov/pubmed/36832701
http://dx.doi.org/10.3390/e25020335
_version_ 1784894374780338176
author Yang, Jin-Tao
Jiang, Hao
Li, Hao
Ye, Dong-Sheng
Jiang, Wei
author_facet Yang, Jin-Tao
Jiang, Hao
Li, Hao
Ye, Dong-Sheng
Jiang, Wei
author_sort Yang, Jin-Tao
collection PubMed
description Adversarial examples present a severe threat to deep neural networks’ application in safetycritical domains such as autonomous driving. Although there are numerous defensive solutions, they all have some flaws, such as the fact that they can only defend against adversarial attacks with a limited range of adversarial intensities. Therefore, there is a need for a detection method that can distinguish the adversarial intensity in a fine-grained manner so that subsequent tasks can perform different defense processing against perturbations of various intensities. Based on thefact that adversarial attack samples of different intensities are significantly different in the highfrequency region, this paper proposes a method to amplify the high-frequency component of the image and input it into the deep neural network based on the residual block structure. To our best knowledge, the proposed method is the first to classify adversarial intensities at a fine-grained level, thus providing an attack detection component for a general AI firewall. Experimental results show that our proposed method not only has advanced performance in AutoAttack detection by perturbation intensity classification, but also can effectively apply to detect examples of unseen adversarial attack methods.
format Online
Article
Text
id pubmed-9955552
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-99555522023-02-25 FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification Yang, Jin-Tao Jiang, Hao Li, Hao Ye, Dong-Sheng Jiang, Wei Entropy (Basel) Article Adversarial examples present a severe threat to deep neural networks’ application in safetycritical domains such as autonomous driving. Although there are numerous defensive solutions, they all have some flaws, such as the fact that they can only defend against adversarial attacks with a limited range of adversarial intensities. Therefore, there is a need for a detection method that can distinguish the adversarial intensity in a fine-grained manner so that subsequent tasks can perform different defense processing against perturbations of various intensities. Based on thefact that adversarial attack samples of different intensities are significantly different in the highfrequency region, this paper proposes a method to amplify the high-frequency component of the image and input it into the deep neural network based on the residual block structure. To our best knowledge, the proposed method is the first to classify adversarial intensities at a fine-grained level, thus providing an attack detection component for a general AI firewall. Experimental results show that our proposed method not only has advanced performance in AutoAttack detection by perturbation intensity classification, but also can effectively apply to detect examples of unseen adversarial attack methods. MDPI 2023-02-11 /pmc/articles/PMC9955552/ /pubmed/36832701 http://dx.doi.org/10.3390/e25020335 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Yang, Jin-Tao
Jiang, Hao
Li, Hao
Ye, Dong-Sheng
Jiang, Wei
FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title_full FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title_fullStr FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title_full_unstemmed FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title_short FAD: Fine-Grained Adversarial Detection by Perturbation Intensity Classification
title_sort fad: fine-grained adversarial detection by perturbation intensity classification
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9955552/
https://www.ncbi.nlm.nih.gov/pubmed/36832701
http://dx.doi.org/10.3390/e25020335
work_keys_str_mv AT yangjintao fadfinegrainedadversarialdetectionbyperturbationintensityclassification
AT jianghao fadfinegrainedadversarialdetectionbyperturbationintensityclassification
AT lihao fadfinegrainedadversarialdetectionbyperturbationintensityclassification
AT yedongsheng fadfinegrainedadversarialdetectionbyperturbationintensityclassification
AT jiangwei fadfinegrainedadversarialdetectionbyperturbationintensityclassification

Ejemplares similares