TY - JOUR
T1 - ADS-detector
T2 - An attention-based dual stream adversarial example detection method
AU - Guo, Sensen
AU - Li, Xiaoyu
AU - Zhu, Peican
AU - Mu, Zhiying
N1 - Publisher Copyright:
© 2023 Elsevier B.V.
PY - 2023/4/8
Y1 - 2023/4/8
N2 - Adversarial attacks seriously threaten the security of machine learning models. Thus, detecting adversarial examples has become an important and interesting research topic facing various adversarial attacks. However, the majority of existing adversarial example detection algorithms cannot perform well in detecting adversarial examples with slight perturbations. In this paper, we propose a novel attention-based dual stream detector (ADS-Detector) that can address the detection of adversarial examples with both slight and large perturbations. Specifically, we first design a data process module to generate pixel and prediction confidence stream data from the raw image. Then, we propose an N-layer attention module to extract the channel and spatial feature weights between the pixel and prediction confidence stream data. Eventually, we feed the dual-stream data into the same subdetection model with a convolutional block attention module; then, the output results are combined to determine whether the input image is an adversarial example or not. To validate the performance, we conduct extensive experiments on three public datasets: CIFAR10, Dogs vs. Cats and ImageNet. After sufficient analysis of the simulation results, we find that our proposed method outperforms the others for the detection of adversarial attacks generated by the considered attack methods.
AB - Adversarial attacks seriously threaten the security of machine learning models. Thus, detecting adversarial examples has become an important and interesting research topic facing various adversarial attacks. However, the majority of existing adversarial example detection algorithms cannot perform well in detecting adversarial examples with slight perturbations. In this paper, we propose a novel attention-based dual stream detector (ADS-Detector) that can address the detection of adversarial examples with both slight and large perturbations. Specifically, we first design a data process module to generate pixel and prediction confidence stream data from the raw image. Then, we propose an N-layer attention module to extract the channel and spatial feature weights between the pixel and prediction confidence stream data. Eventually, we feed the dual-stream data into the same subdetection model with a convolutional block attention module; then, the output results are combined to determine whether the input image is an adversarial example or not. To validate the performance, we conduct extensive experiments on three public datasets: CIFAR10, Dogs vs. Cats and ImageNet. After sufficient analysis of the simulation results, we find that our proposed method outperforms the others for the detection of adversarial attacks generated by the considered attack methods.
KW - Adversarial example detection
KW - Attention module
KW - Dual stream
KW - Prediction confidence
UR - http://www.scopus.com/inward/record.url?scp=85149882427&partnerID=8YFLogxK
U2 - 10.1016/j.knosys.2023.110388
DO - 10.1016/j.knosys.2023.110388
M3 - 文章
AN - SCOPUS:85149882427
SN - 0950-7051
VL - 265
JO - Knowledge-Based Systems
JF - Knowledge-Based Systems
M1 - 110388
ER -