  RAID: Randomized Adversarial-Input Detection for Neural Networks

Eniser, H. F., Christakis, M., & Wüstholz, V. (2021). RAID: Randomized Adversarial-Input Detection for Neural Networks. Retrieved from https://arxiv.org/abs/2002.02776.

Files:
arXiv:2002.02776.pdf (Preprint), 9KB
Name: arXiv:2002.02776.pdf
Description: File downloaded from arXiv at 2021-11-03 14:07. Submitted to ISSTA
OA-Status: Not specified
Visibility: Public
MIME-Type / Checksum: application/xhtml+xml / [MD5]
Technical Metadata:
Copyright Date: -
Copyright Info: -

Creators:
Eniser, Hassan Ferit (1), Author
Christakis, Maria (1), Author
Wüstholz, Valentin (2), Author
Affiliations:
(1) Group M. Christakis, Max Planck Institute for Software Systems, Max Planck Society, ou_2541696
(2) External Organizations, ou_persistent22

Free keywords: Computer Science, Learning, cs.LG; Computer Science, Cryptography and Security, cs.CR

Abstract: In recent years, neural networks have become the default choice for image classification and many other learning tasks, even though they are vulnerable to so-called adversarial attacks. To increase their robustness against these attacks, there have emerged numerous detection mechanisms that aim to automatically determine if an input is adversarial. However, state-of-the-art detection mechanisms either rely on being tuned for each type of attack, or they do not generalize across different attack types. To alleviate these issues, we propose a novel technique for adversarial-image detection, RAID, that trains a secondary classifier to identify differences in neuron activation values between benign and adversarial inputs. Our technique is both more reliable and more effective than the state of the art when evaluated against six popular attacks. Moreover, a straightforward extension of RAID increases its robustness against detection-aware adversaries without affecting its effectiveness.

Details:
Language(s): eng - English
Dates: 2020-02-07, 2021
Publication Status: Published online
Pages: 12 p.
Publishing info: -
Table of Contents: -
Rev. Type: -
Identifiers: arXiv: 2002.02776
URI: https://arxiv.org/abs/2002.02776
BibTex Citekey: Eniser_2002.02776
Degree: -
