SpectralDefense: Detecting Adversarial Attacks on CNNs in the Fourier Domain
- Despite the success of convolutional neural networks (CNNs) in many computer vision and image analysis tasks, they remain vulnerable against so-called adversarial attacks: Small, crafted perturbations in the input images can lead to false predictions. A possible defense is to detect adversarial examples. In this work, we show how analysis in the Fourier domain of input images and feature maps canDespite the success of convolutional neural networks (CNNs) in many computer vision and image analysis tasks, they remain vulnerable against so-called adversarial attacks: Small, crafted perturbations in the input images can lead to false predictions. A possible defense is to detect adversarial examples. In this work, we show how analysis in the Fourier domain of input images and feature maps can be used to distinguish benign test samples from adversarial images. We propose two novel detection methods: Our first method employs the magnitude spectrum of the input images to detect an adversarial attack. This simple and robust classifier can successfully detect adversarial perturbations of three commonly used attack methods. The second method builds upon the first and additionally extracts the phase of Fourier coefficients of feature-maps at different layers of the network. With this extension, we are able to improve adversarial detection rates compared to state-of-the-art detectors on five different attack methods. The code for the methods proposed in the paper is available at github.com/paulaharder/SpectralAdversarialDefense…
Document Type: | Conference Proceeding |
---|---|
Conference Type: | Konferenzartikel |
Zitierlink: | https://opus.hs-offenburg.de/5284 | Bibliografische Angaben |
Title (English): | SpectralDefense: Detecting Adversarial Attacks on CNNs in the Fourier Domain |
Conference: | 2021 International Joint Conference on Neural Networks (IJCNN), 18-22 July 2021, Shenzhen, China |
Author: | Paula Harder, Franz-Josef Pfreundt, Margret Keuper, Janis KeuperStaff MemberORCiDGND |
Year of Publication: | 2021 |
Publisher: | IEEE |
Page Number: | 8 |
First Page: | 1 |
Last Page: | 8 |
Parent Title (English): | IJCNN 2021. The International Joint Conference on Neural Networks : 2021 Conference Proceedings |
ISBN: | 978-1-6654-3900-8 (elektronisch) |
ISBN: | 978-1-6654-4597-9 (Print on Demand) |
ISSN: | 2161-4407 (elektronisch) |
ISSN: | 2161-4393 (Print on Demand) |
DOI: | https://doi.org/10.1109/IJCNN52387.2021.9533442 |
URL: | https://ieeexplore.ieee.org/document/9533442 |
Language: | English | Inhaltliche Informationen |
Institutes: | Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) |
Forschung / IMLA - Institute for Machine Learning and Analytics | |
Institutes: | Bibliografie |
Tag: | adversarial attacks; adversarial detection; convolutional neural networks; image classification | Formale Angaben |
Open Access: | Closed Access |
Licence (German): | Urheberrechtlich geschützt |