DeepWise Cyber Teen Guardian: Protecting Internet Environment via a Novel Automatic Adversarial Samples Detection System Based on Revised Neural Network

Abstract

In order to assist teenagers to surf the internet healthily, there are image filters based on image recognition neural networks removing inappropriate content, but image filters are vulnerable to attack by adversarial samples, which are generated by adding well-crafted noise to an image, making the filter consider an inappropriate image as appropriate. In order to defend against adversarial attacks, various adversarial detection algorithms are designed. The state-of-the-art detector enjoys a promising detection performance, but it suffers from high computational overhead. In this work, DeepWise is proposed, which records the mean and covariance for each class of images at each recording layer of the neural network during training. The input image’s mean and covariance at each layer and the network’s classification of the image are also recorded. Then, the Mahalanobis distance is calculated between the distributions of input image and the training images at each layer based on the network’s prediction. A linear regressor takes these distances as input, and determines whether the input image is an adversarial sample or not. DeepWise achieves a computational saving ranging from 39.77% to 87.98% for datasets SVHN, CIFAR- 10, and CIFAR-100 on the image recognition model ResNet-34 and DenseNet-3 while preserving a comparable AUROC to the existing state-of-the-art method.