TY - GEN
T1 - Adversarial Example Detection with Latent Representation Dynamic Prototype
AU - Wang, Taowen
AU - Qian, Zhuang
AU - Yang, Xi
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2024
Y1 - 2024
N2 - In the realm of Deep Neural Networks (DNNs), one of the primary concerns is their vulnerability in adversarial environments, whereby malicious attackers can easily manipulate them. As such, identifying adversarial samples is crucial to safeguarding the security of DNNs in real-world scenarios. In this work, we propose a method of adversarial example detection. Our approach using a Latent Representation Dynamic Prototype to sample more generalizable latent representations from a learnable Gaussian distribution, which relaxes the detection dependency on the nearest neighbour’s latent representation. Additionally, we introduce Random Homogeneous Sampling (RHS) to replace KNN sampling reference samples, resulting in lower reasoning time complexity at O(1). Lastly, we use cross-attention in the adversarial discriminator to capture the evolutionary differences of latent representation in benign and adversarial samples by comparing the latent representations from inference and reference samples globally. We conducted experiments to evaluate our approach and found that it performs competitively in the gray-box setting against various attacks with two Lp -norm constraints for CIFAR-10 and SVHN datasets. Moreover, our detector trained with PGD attack exhibited detection ability for unseen adversarial samples generated by other adversarial attacks with small perturbations, ensuring its generalization ability in different scenarios.
AB - In the realm of Deep Neural Networks (DNNs), one of the primary concerns is their vulnerability in adversarial environments, whereby malicious attackers can easily manipulate them. As such, identifying adversarial samples is crucial to safeguarding the security of DNNs in real-world scenarios. In this work, we propose a method of adversarial example detection. Our approach using a Latent Representation Dynamic Prototype to sample more generalizable latent representations from a learnable Gaussian distribution, which relaxes the detection dependency on the nearest neighbour’s latent representation. Additionally, we introduce Random Homogeneous Sampling (RHS) to replace KNN sampling reference samples, resulting in lower reasoning time complexity at O(1). Lastly, we use cross-attention in the adversarial discriminator to capture the evolutionary differences of latent representation in benign and adversarial samples by comparing the latent representations from inference and reference samples globally. We conducted experiments to evaluate our approach and found that it performs competitively in the gray-box setting against various attacks with two Lp -norm constraints for CIFAR-10 and SVHN datasets. Moreover, our detector trained with PGD attack exhibited detection ability for unseen adversarial samples generated by other adversarial attacks with small perturbations, ensuring its generalization ability in different scenarios.
KW - Adversarial attack
KW - Adversarial example detection
KW - Cross attention
UR - http://www.scopus.com/inward/record.url?scp=85178595066&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-8070-3_40
DO - 10.1007/978-981-99-8070-3_40
M3 - Conference Proceeding
AN - SCOPUS:85178595066
SN - 9789819980697
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 525
EP - 536
BT - Neural Information Processing - 30th International Conference, ICONIP 2023, Proceedings
A2 - Luo, Biao
A2 - Cheng, Long
A2 - Wu, Zheng-Guang
A2 - Li, Hongyi
A2 - Li, Chaojie
PB - Springer Science and Business Media Deutschland GmbH
T2 - 30th International Conference on Neural Information Processing, ICONIP 2023
Y2 - 20 November 2023 through 23 November 2023
ER -