Locally Optimal Detection of Stochastic Targeted Universal Adversarial Perturbations

Amish Goel, Pierre Moulin

Research output: Contribution to journalConference articlepeer-review

Abstract

Deep learning image classifiers are known to be vulnerable to small adversarial perturbations of input images. In this paper, we derive the locally optimal generalized likelihood ratio test based detector for detecting stochastic targeted universal adversarial perturbations to a classifier's input. We employ a two-stage process to learn the detector's parameters, which involves unsupervised maximum likelihood estimation followed by supervised training and demonstrates better performance of the detector compared to other detection methods on several popular image classification datasets.

Original languageEnglish (US)
Pages (from-to)5025-5029
Number of pages5
JournalICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
Volume2021-June
DOIs
StatePublished - 2021
Event2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021 - Virtual, Toronto, Canada
Duration: Jun 6 2021Jun 11 2021

Keywords

  • Image classification
  • Locally optimal tests
  • Neural networks
  • Universal adversarial perturbations

ASJC Scopus subject areas

  • Software
  • Signal Processing
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Locally Optimal Detection of Stochastic Targeted Universal Adversarial Perturbations'. Together they form a unique fingerprint.

Cite this