Summary of Neural Fingerprints For Adversarial Attack Detection, by Haim Fisher et al.
Neural Fingerprints for Adversarial Attack Detection
by Haim Fisher, Moni Shahar, Yehezkel S. Resheff
First submitted to arxiv on: 7 Nov 2024
Categories
- Main: Computer Vision and Pattern Recognition (cs.CV)
- Secondary: Machine Learning (cs.LG); Applications (stat.AP)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper addresses the vulnerability of deep learning models for image classification to adversarial examples. While many algorithms have been proposed to detect attacked images, we argue that these detectors can be overcome in a white-box setting where the attacker knows the model’s configuration and weights. To overcome this limitation, we propose randomization as a defense mechanism. We generate a large family of detectors with consistent performance and select one or more randomly for each input. For individual detectors, we suggest the method of neural fingerprints, which are unique patterns of neurons that distinguish between clean and attacked images. During testing, we sample fingerprints from the bank associated with the predicted label and detect attacks using a likelihood ratio test. We evaluate our detectors on ImageNet with different attack methods and model architectures, achieving near-perfect detection with low rates of false detection. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Imagine you have a super smart computer program that can recognize images. But what if someone tries to trick it by making tiny changes to the image? This could cause the program to make mistakes. Many people have tried to fix this problem, but we found that even their best solutions aren’t perfect. That’s why we came up with a new idea: instead of using just one way to detect problems, let’s use many different methods and pick one randomly each time. We call these methods “fingerprints” because they are unique patterns in the computer program that help us figure out if an image is real or fake. Our method works really well on big images like those found on the internet, and it can even detect when someone is trying to trick it. |
Keywords
» Artificial intelligence » Deep learning » Image classification » Likelihood
