{"title":"Privacy Preserving Statistical Detection of Adversarial Instances","authors":"M. Alishahi, Nicola Zannone","doi":"10.1109/WETICE49692.2020.00039","DOIUrl":null,"url":null,"abstract":"Adversarial instances are malicious input designed by attackers to cause a classification model to make a false prediction, e.g. in Spam detection. Effective solutions have been proposed to detect and block adversarial instances in real time. Still, the proposed approaches fail to detect adversarial instances over private input (required by many on-line platforms analyzing sensitive personal data).In this work, we propose a novel framework that applies a statistical test to detect adversarial instances when data under analysis are in private format. The practical feasibility of our approach in terms of computation cost is shown through an experimental evaluation.","PeriodicalId":114214,"journal":{"name":"2020 IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 29th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WETICE49692.2020.00039","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0
Abstract
Adversarial instances are malicious inputs designed by attackers to cause a classification model to make a false prediction, e.g. in spam detection. Effective solutions have been proposed to detect and block adversarial instances in real time. Still, the proposed approaches fail to detect adversarial instances over private input (required by many on-line platforms analyzing sensitive personal data). In this work, we propose a novel framework that applies a statistical test to detect adversarial instances when the data under analysis are in private format. The practical feasibility of our approach in terms of computation cost is shown through an experimental evaluation.