一种检测对抗性示例的统计防御方法

Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems Pub Date : 2019-08-26 DOI:10.1145/3415048.3416103

Alessandro Cennamo, Ido Freeman, A. Kummert

{"title":"一种检测对抗性示例的统计防御方法","authors":"Alessandro Cennamo, Ido Freeman, A. Kummert","doi":"10.1145/3415048.3416103","DOIUrl":null,"url":null,"abstract":"Adversarial examples are maliciously modified inputs created to fool Machine Learning algorithms (ML). The existence of such inputs presents a major issue to the expansion of ML-based solutions. Many researchers have already contributed to the topic, providing both cutting edge-attack techniques and various defense strategies. This work focuses on the development of a system capable of detecting adversarial samples by exploiting statistical information from the training-set. Our detector computes several distorted replicas of the test input, then collects the classifier's prediction vectors to build a meaningful signature for the detection task. Then, the signature is projected onto a class-specific statistic vector to infer the input's nature. The class predicted for the original input is used to select the class-statistic vector. We show that our method reliably detects malicious inputs, outperforming state-of-the-art approaches in various settings, while being complementary to other defense solutions.","PeriodicalId":122511,"journal":{"name":"Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems","volume":"31 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Statistical Defense Approach for Detecting Adversarial Examples\",\"authors\":\"Alessandro Cennamo, Ido Freeman, A. Kummert\",\"doi\":\"10.1145/3415048.3416103\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Adversarial examples are maliciously modified inputs created to fool Machine Learning algorithms (ML). The existence of such inputs presents a major issue to the expansion of ML-based solutions. Many researchers have already contributed to the topic, providing both cutting edge-attack techniques and various defense strategies. This work focuses on the development of a system capable of detecting adversarial samples by exploiting statistical information from the training-set. Our detector computes several distorted replicas of the test input, then collects the classifier's prediction vectors to build a meaningful signature for the detection task. Then, the signature is projected onto a class-specific statistic vector to infer the input's nature. The class predicted for the original input is used to select the class-statistic vector. We show that our method reliably detects malicious inputs, outperforming state-of-the-art approaches in various settings, while being complementary to other defense solutions.\",\"PeriodicalId\":122511,\"journal\":{\"name\":\"Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems\",\"volume\":\"31 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-08-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3415048.3416103\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3415048.3416103","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

对抗性示例是恶意修改输入以欺骗机器学习算法(ML)。这种输入的存在对基于机器学习的解决方案的扩展提出了一个主要问题。许多研究人员已经对这个话题做出了贡献，提供了尖端的攻击技术和各种防御策略。这项工作的重点是开发一个能够通过利用来自训练集的统计信息来检测对抗性样本的系统。我们的检测器计算测试输入的几个扭曲副本，然后收集分类器的预测向量，为检测任务构建有意义的签名。然后，将签名投影到特定于类的统计向量上，以推断输入的性质。为原始输入预测的类用于选择类统计向量。我们表明，我们的方法可靠地检测恶意输入，在各种设置中优于最先进的方法，同时与其他防御解决方案互补。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Statistical Defense Approach for Detecting Adversarial Examples

Adversarial examples are maliciously modified inputs created to fool Machine Learning algorithms (ML). The existence of such inputs presents a major issue to the expansion of ML-based solutions. Many researchers have already contributed to the topic, providing both cutting edge-attack techniques and various defense strategies. This work focuses on the development of a system capable of detecting adversarial samples by exploiting statistical information from the training-set. Our detector computes several distorted replicas of the test input, then collects the classifier's prediction vectors to build a meaningful signature for the detection task. Then, the signature is projected onto a class-specific statistic vector to infer the input's nature. The class predicted for the original input is used to select the class-statistic vector. We show that our method reliably detects malicious inputs, outperforming state-of-the-art approaches in various settings, while being complementary to other defense solutions.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2020 International Conference on Pattern Recognition and Intelligent Systems

自引率

0.00%

发文量