Interpretable adversarial example detection via high-level concept activation vector

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2024-11-26 DOI:10.1016/j.cose.2024.104218

Jiaxing Li , Yu-an Tan , Xinyu Liu , Weizhi Meng , Yuanzhang Li

{"title":"Interpretable adversarial example detection via high-level concept activation vector","authors":"Jiaxing Li , Yu-an Tan , Xinyu Liu , Weizhi Meng , Yuanzhang Li","doi":"10.1016/j.cose.2024.104218","DOIUrl":null,"url":null,"abstract":"<div><div>Deep neural networks have achieved amazing performance in many tasks. However, they are easily fooled by small perturbations added to the input. Such small perturbations to image data are usually imperceptible to humans. The uninterpretable nature of deep learning systems is considered to be one of the reasons why they are vulnerable to adversarial attacks. For enhanced trust and confidence, it is crucial for artificial intelligence systems to ensure transparency, reliability, and human comprehensibility in their decision-making processes as they gain wider acceptance among the general public. In this paper, we propose an approach for defending against adversarial attacks based on conceptually interpretable techniques. Our approach to model interpretation is on high-level concepts rather than low-level pixel features. Our key finding is that adding small perturbations leads to large changes in the model concept vector tests. Based on this, we design a single image concept vector testing method for detecting adversarial examples. Our experiments on the Imagenet dataset show that our method can achieve an average accuracy of over 95%. We provide source code in the supplementary material.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"150 ","pages":"Article 104218"},"PeriodicalIF":4.8000,"publicationDate":"2024-11-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824005248","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep neural networks have achieved amazing performance in many tasks. However, they are easily fooled by small perturbations added to the input. Such small perturbations to image data are usually imperceptible to humans. The uninterpretable nature of deep learning systems is considered to be one of the reasons why they are vulnerable to adversarial attacks. For enhanced trust and confidence, it is crucial for artificial intelligence systems to ensure transparency, reliability, and human comprehensibility in their decision-making processes as they gain wider acceptance among the general public. In this paper, we propose an approach for defending against adversarial attacks based on conceptually interpretable techniques. Our approach to model interpretation is on high-level concepts rather than low-level pixel features. Our key finding is that adding small perturbations leads to large changes in the model concept vector tests. Based on this, we design a single image concept vector testing method for detecting adversarial examples. Our experiments on the Imagenet dataset show that our method can achieve an average accuracy of over 95%. We provide source code in the supplementary material.

查看原文本刊更多论文

基于高级概念激活向量的可解释对抗示例检测

深度神经网络在许多任务中取得了惊人的成绩。然而，它们很容易被添加到输入中的小扰动所愚弄。这种对图像数据的微小扰动通常是人类无法察觉的。深度学习系统的不可解释性被认为是它们容易受到对抗性攻击的原因之一。为了增强信任和信心，人工智能系统在其决策过程中确保透明度、可靠性和人类的可理解性是至关重要的，因为它们在公众中得到了更广泛的接受。在本文中，我们提出了一种基于概念可解释技术的防御对抗性攻击的方法。我们的模型解释方法是基于高级概念，而不是低级像素特征。我们的主要发现是，添加小的扰动会导致模型概念向量测试中的大变化。在此基础上，我们设计了一种单图像概念向量测试方法来检测对抗样本。我们在Imagenet数据集上的实验表明，我们的方法可以达到95%以上的平均准确率。我们在补充材料中提供了源代码。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.