Header menu link for other important links
DAMAD: Database, Attack, and Model Agnostic Adversarial Perturbation Detector
A. Agarwal, G. Goswami, , , N.K. Ratha
Published in Institute of Electrical and Electronics Engineers Inc.
Adversarial perturbations have demonstrated the vulnerabilities of deep learning algorithms to adversarial attacks. Existing adversary detection algorithms attempt to detect the singularities; however, they are in general, loss-function, database, or model dependent. To mitigate this limitation, we propose DAMAD--a generalized perturbation detection algorithm which is agnostic to model architecture, training data set, and loss function used during training. The proposed adversarial perturbation detection algorithm is based on the fusion of autoencoder embedding and statistical texture features extracted from convolutional neural networks. The performance of DAMAD is evaluated on the challenging scenarios of cross-database, cross-attack, and cross-architecture training and testing along with traditional evaluation of testing on the same database with known attack and model. Comparison with state-of-the-art perturbation detection algorithms showcase the effectiveness of the proposed algorithm on six databases: ImageNet, CIFAR-10, Multi-PIE, MEDS, point and shoot challenge (PaSC), and MNIST. Performance evaluation with nearly a quarter of a million adversarial and original images and comparison with recent algorithms show the effectiveness of the proposed algorithm. IEEE
About the journal
JournalData powered by TypesetIEEE Transactions on Neural Networks and Learning Systems
PublisherData powered by TypesetInstitute of Electrical and Electronics Engineers Inc.