ADS-detector: An attention-based dual stream adversarial example detection method

Sensen Guo, Xiaoyu Li, Peican Zhu, Zhiying Mu

Research output: Contribution to journalArticlepeer-review

17 Scopus citations

Abstract

Adversarial attacks seriously threaten the security of machine learning models. Thus, detecting adversarial examples has become an important and interesting research topic facing various adversarial attacks. However, the majority of existing adversarial example detection algorithms cannot perform well in detecting adversarial examples with slight perturbations. In this paper, we propose a novel attention-based dual stream detector (ADS-Detector) that can address the detection of adversarial examples with both slight and large perturbations. Specifically, we first design a data process module to generate pixel and prediction confidence stream data from the raw image. Then, we propose an N-layer attention module to extract the channel and spatial feature weights between the pixel and prediction confidence stream data. Eventually, we feed the dual-stream data into the same subdetection model with a convolutional block attention module; then, the output results are combined to determine whether the input image is an adversarial example or not. To validate the performance, we conduct extensive experiments on three public datasets: CIFAR10, Dogs vs. Cats and ImageNet. After sufficient analysis of the simulation results, we find that our proposed method outperforms the others for the detection of adversarial attacks generated by the considered attack methods.

Original languageEnglish
Article number110388
JournalKnowledge-Based Systems
Volume265
DOIs
StatePublished - 8 Apr 2023

Keywords

  • Adversarial example detection
  • Attention module
  • Dual stream
  • Prediction confidence

Fingerprint

Dive into the research topics of 'ADS-detector: An attention-based dual stream adversarial example detection method'. Together they form a unique fingerprint.

Cite this