Random ensemble of locally optimum detectors for detection of adversarial examples

Amish Goel; Pierre Moulin

doi:10.1109/GlobalSIP.2018.8646479

Random ensemble of locally optimum detectors for detection of adversarial examples

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep neural networks achieve state-of-the-art performance for several image classification problems but have been shown to be easily fooled by adversarial perturbations which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as autonomous systems. We tackle the problem of detecting such »forgeries» using a locally optimal detector which is well suited to detecting weak signal perturbations. We present a procedure for learning the forgery detector from a training set, using Gaussian Mixture Models (GMM) for modeling image patches. A random ensemble of patches is used for detection of the forgery. The reliability of our forgery detector is assessed for several image classification tasks.

Original language	English (US)
Title of host publication	2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1189-1193
Number of pages	5
ISBN (Electronic)	9781728112954
DOIs	https://doi.org/10.1109/GlobalSIP.2018.8646479
State	Published - Feb 20 2019
Event	2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Anaheim, United States Duration: Nov 26 2018 → Nov 29 2018

Publication series

Name	2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings

Conference

Conference	2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018
Country	United States
City	Anaheim
Period	11/26/18 → 11/29/18

ASJC Scopus subject areas

Information Systems
Signal Processing

Access to Document

10.1109/GlobalSIP.2018.8646479

Fingerprint Dive into the research topics of 'Random ensemble of locally optimum detectors for detection of adversarial examples'. Together they form a unique fingerprint.

Cite this

Goel, A., & Moulin, P. (2019). Random ensemble of locally optimum detectors for detection of adversarial examples. In 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings (pp. 1189-1193). [8646479] (2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/GlobalSIP.2018.8646479

Random ensemble of locally optimum detectors for detection of adversarial examples. / Goel, Amish; Moulin, Pierre.

2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. p. 1189-1193 8646479 (2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Goel, A & Moulin, P 2019, Random ensemble of locally optimum detectors for detection of adversarial examples. in 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings., 8646479, 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 1189-1193, 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018, Anaheim, United States, 11/26/18. https://doi.org/10.1109/GlobalSIP.2018.8646479

Goel A, Moulin P. Random ensemble of locally optimum detectors for detection of adversarial examples. In 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2019. p. 1189-1193. 8646479. (2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings). https://doi.org/10.1109/GlobalSIP.2018.8646479

Goel, Amish ; Moulin, Pierre. / Random ensemble of locally optimum detectors for detection of adversarial examples. 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 1189-1193 (2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings).

@inproceedings{64c9d26928fb48ad94b22473c2f09b30,

title = "Random ensemble of locally optimum detectors for detection of adversarial examples",

abstract = "Deep neural networks achieve state-of-the-art performance for several image classification problems but have been shown to be easily fooled by adversarial perturbations which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as autonomous systems. We tackle the problem of detecting such »forgeries» using a locally optimal detector which is well suited to detecting weak signal perturbations. We present a procedure for learning the forgery detector from a training set, using Gaussian Mixture Models (GMM) for modeling image patches. A random ensemble of patches is used for detection of the forgery. The reliability of our forgery detector is assessed for several image classification tasks.",

author = "Amish Goel and Pierre Moulin",

year = "2019",

month = feb,

day = "20",

doi = "10.1109/GlobalSIP.2018.8646479",

language = "English (US)",

series = "2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1189--1193",

booktitle = "2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings",

address = "United States",

note = "2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 ; Conference date: 26-11-2018 Through 29-11-2018",

}

TY - GEN

T1 - Random ensemble of locally optimum detectors for detection of adversarial examples

AU - Goel, Amish

AU - Moulin, Pierre

PY - 2019/2/20

Y1 - 2019/2/20

N2 - Deep neural networks achieve state-of-the-art performance for several image classification problems but have been shown to be easily fooled by adversarial perturbations which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as autonomous systems. We tackle the problem of detecting such »forgeries» using a locally optimal detector which is well suited to detecting weak signal perturbations. We present a procedure for learning the forgery detector from a training set, using Gaussian Mixture Models (GMM) for modeling image patches. A random ensemble of patches is used for detection of the forgery. The reliability of our forgery detector is assessed for several image classification tasks.

AB - Deep neural networks achieve state-of-the-art performance for several image classification problems but have been shown to be easily fooled by adversarial perturbations which slightly modify a legitimate image in a specific direction and are visually indistinguishable from the original. This presents a security risk for applications such as autonomous systems. We tackle the problem of detecting such »forgeries» using a locally optimal detector which is well suited to detecting weak signal perturbations. We present a procedure for learning the forgery detector from a training set, using Gaussian Mixture Models (GMM) for modeling image patches. A random ensemble of patches is used for detection of the forgery. The reliability of our forgery detector is assessed for several image classification tasks.

UR - http://www.scopus.com/inward/record.url?scp=85063094472&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85063094472&partnerID=8YFLogxK

U2 - 10.1109/GlobalSIP.2018.8646479

DO - 10.1109/GlobalSIP.2018.8646479

M3 - Conference contribution

AN - SCOPUS:85063094472

T3 - 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings

SP - 1189

EP - 1193

BT - 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2018 IEEE Global Conference on Signal and Information Processing, GlobalSIP 2018

Y2 - 26 November 2018 through 29 November 2018

ER -