Extensive research has demonstrated that deep neural networks (DNNs) are prone to adversarial attacks. Although various defense mechanisms have been proposed for image classification networks, fewer approaches exist for video-based models, which are used in security-sensitive applications such as surveillance. In this paper, we propose a novel yet simple algorithm, called Pseudo-Adversarial Training (PAT), to detect adversarial frames in a video without requiring knowledge of the attack. Our approach generates `transition frames' that capture the critical deviations from the original frames and eliminate components insignificant to the detection task. To avoid the need to know the attack model, we produce `pseudo perturbations' to train our detection network. Adversarial videos are then detected through the use of the detected frames. Experimental results on the UCF-101 and 20BN-Jester datasets show that PAT detects adversarial video frames and videos with a high detection rate. We also unveil the potential reasons for the effectiveness of the transition frames and pseudo perturbations through extensive experiments.