A key challenge in computer vision and deep learning is the definition of robust strategies for the detection of adversarial examples. Here, we propose the adoption of ensemble approaches to leverage the effectiveness of multiple detectors in exploiting distinct properties of the input data. To this end, the ENsemble Adversarial Detector (ENAD) framework integrates scoring functions from state-of-the-art detectors based on Mahalanobis distance, Local Intrinsic Dimensionality, and One-Class Support Vector Machines, which process the hidden features of deep neural networks. ENAD is designed to ensure high standardization and reproducibility of the computational workflow. Importantly, extensive tests on benchmark datasets, models and adversarial attacks show that ENAD outperforms all competing methods in the large majority of settings. The improvement over the state-of-the-art and the intrinsic generality of the framework, which allows one to easily extend ENAD to include any set of detectors, lay the foundations for the new area of ensemble adversarial detection.
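An added example, not code from the ENAD paper or project: it computes two of the detector scores named above (Mahalanobis distance and Local Intrinsic Dimensionality) on feature vectors and merges them into a single detection score. The synthetic Gaussian features standing in for hidden-layer activations, the noise model for adversarial inputs, the logistic-regression combiner and all function names are assumptions; the One-Class SVM detector is left out so the block needs only NumPy.

```python
import numpy as np

def mahalanobis_score(x, mean, precision):
    """Distance of each feature row from the benign distribution."""
    d = x - mean
    return np.sqrt(np.einsum("ij,jk,ik->i", d, precision, d))

def lid_score(x, reference, k=20):
    """MLE estimate of LID from the k nearest benign reference points."""
    dist = np.linalg.norm(x[:, None, :] - reference[None, :, :], axis=2)
    knn = np.maximum(np.sort(dist, axis=1)[:, :k], 1e-12)
    return -1.0 / np.mean(np.log(knn / knn[:, -1:]), axis=1)

def fit_logistic(scores, y, steps=2000, lr=0.1):
    """Gradient-descent logistic regression; the last weight is the bias."""
    X = np.hstack([scores, np.ones((len(scores), 1))])
    w = np.zeros(X.shape[1])
    for _ in range(steps):
        p = 1.0 / (1.0 + np.exp(-np.clip(X @ w, -30, 30)))
        w -= lr * X.T @ (p - y) / len(y)
    return w

def auroc(score, y):
    """Rank-based AUROC (Mann-Whitney U); assumes no tied scores."""
    ranks = np.empty(len(score))
    ranks[np.argsort(score)] = np.arange(1, len(score) + 1)
    n1, n0 = (y == 1).sum(), (y == 0).sum()
    return (ranks[y == 1].sum() - n1 * (n1 + 1) / 2) / (n1 * n0)

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    A = rng.normal(size=(4, 16))  # constructed data: benign features near a 4-D subspace
    def benign(n):
        return rng.normal(size=(n, 4)) @ A + 0.05 * rng.normal(size=(n, 16))
    def adversarial(n):  # assumption: adversarial inputs drift off the benign subspace
        return benign(n) + 0.15 * rng.normal(size=(n, 16))
    ref = benign(500)  # both detectors are fitted on benign features only
    mean, precision = ref.mean(0), np.linalg.inv(np.cov(ref, rowvar=False))
    def labelled(n):
        x = np.vstack([benign(n), adversarial(n)])
        s = np.column_stack([mahalanobis_score(x, mean, precision), lid_score(x, ref)])
        return s, np.r_[np.zeros(n), np.ones(n)]
    (s_tr, y_tr), (s_te, y_te) = labelled(200), labelled(200)
    mu, sd = s_tr.mean(0), s_tr.std(0)  # standardise with training statistics only
    w = fit_logistic((s_tr - mu) / sd, y_tr)
    ensemble = ((s_te - mu) / sd) @ w[:-1] + w[-1]
    return {"mahalanobis": auroc(s_te[:, 0], y_te), "lid": auroc(s_te[:, 1], y_te),
            "ensemble": auroc(ensemble, y_te)}
```

`run_demo()` returns the held-out AUROC of each detector and of the combined score, so the contribution of each scoring function can be compared directly.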