Effective and Robust Detection of Adversarial Examples via Benford-Fourier Coefficients
Abstract: Adversarial examples have been well known as a serious threat to deep neural
networks (DNNs). To ensure successful and safe operations of DNNs on realworld tasks,
it is urgent to equip DNNs with effective defense strategies. In this
work, we study the detection of adversarial examples, based on the assumption
that the output and internal responses of one DNN model for both adversarial and
benign examples follow the generalized Gaussian distribution (GGD), but with
different parameters (i.e., shape factor, mean, and variance). GGD is a general
distribution family to cover many popular distributions (e.g., Laplacian, Gaussian,
or uniform). It is more likely to approximate the intrinsic distributions of internal
responses than any specific distribution. Besides, since the shape factor is more
robust to different databases rather than the other two parameters, we propose
to construct discriminative features via the shape factor for adversarial detection,
employing the magnitude of Benford-Fourier coefficients (MBF), which can be
easily estimated using responses. Finally, a support vector machine is trained
as the adversarial detector through leveraging the MBF features. Through the
Kolmogorov-Smirnov (KS) test, we empirically verify that: 1) the posterior vectors
of both adversarial and benign examples follow GGD; 2) the extracted MBF features
of adversarial and benign examples follow different distributions. Extensive
experiments in terms of image classification demonstrate that the proposed
detector is much more effective and robust on detecting adversarial examples
of different crafting methods and different sources, in contrast to state-of-the-art
adversarial detection methods.
Original Pdf: pdf
7 Replies
Loading