Noise Based Approach for the Detection of Adversarial Examples
- Authors
- Kloster, Matias Alejandro; Cúñale, Ariel Hernán; Mato, Germán
- Publication year
- 2020
- Language
- English
- Resource type
- conference paper
- Status
- published version
- Description
- We propose a new method for detecting adversarial examples based on a stochastic approach. An example is presented to the network several times and classified as adversarial if the fraction of times the output label is different from the label generated by the deterministic network is above some threshold value. We analyze the performance of the method for three attack methods (DeepFool, Fast Gradient Sign Method and norm 2 Carlini Wagner) and two datasets (MNIST and CIFAR-10). We find that our approach works best for stronger attacks such as DeepFool and CW2, and could be used as part of a scheme where several methods are applied simultaneously in order to estimate if a given input is adversarial or not.
Sociedad Argentina de Informática
- Subject
- Computer Science
- Adversarial examples
- Method for detecting
- Access level
- open access
- Terms of use
- http://creativecommons.org/licenses/by-nc-sa/3.0/
- Repository
- Institution
- Universidad Nacional de La Plata
- OAI identifier
- oai:sedici.unlp.edu.ar:10915/116415
id |
SEDICI_b7e9d1b7ebaabdff49722266b40ab1fd |
---|---|
oai_identifier_str |
oai:sedici.unlp.edu.ar:10915/116415 |
network_acronym_str |
SEDICI |
repository_id_str |
1329 |
network_name_str |
SEDICI (UNLP) |
dc.title.none.fl_str_mv |
Noise Based Approach for the Detection of Adversarial Examples |
dc.creator.none.fl_str_mv |
Kloster, Matias Alejandro Cúñale, Ariel Hernán Mato, Germán |
dc.subject.none.fl_str_mv |
Ciencias Informáticas Adversarial examples Method for detecting |
publishDate |
2020 |
dc.date.none.fl_str_mv |
2020-10 |
dc.type.none.fl_str_mv |
info:eu-repo/semantics/conferenceObject info:eu-repo/semantics/publishedVersion Objeto de conferencia http://purl.org/coar/resource_type/c_5794 info:ar-repo/semantics/documentoDeConferencia |
format |
conferenceObject |
status_str |
publishedVersion |
dc.identifier.none.fl_str_mv |
http://sedici.unlp.edu.ar/handle/10915/116415 |
dc.language.none.fl_str_mv |
eng |
dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/http://49jaiio.sadio.org.ar/pdfs/agranda/AGRANDA-04.pdf info:eu-repo/semantics/altIdentifier/issn/2683-8966 |
dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess http://creativecommons.org/licenses/by-nc-sa/3.0/ Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) |
dc.format.none.fl_str_mv |
application/pdf 25-38 |
dc.source.none.fl_str_mv |
reponame:SEDICI (UNLP) instname:Universidad Nacional de La Plata instacron:UNLP |
repository.name.fl_str_mv |
SEDICI (UNLP) - Universidad Nacional de La Plata |
repository.mail.fl_str_mv |
alira@sedici.unlp.edu.ar |