Detecting adversarial examples through nonlinear dimensionality reduction
Biggio B.
2019-01-01
Abstract
Deep neural networks are vulnerable to adversarial examples, i.e., carefully-perturbed inputs aimed to mislead classification. This work proposes a detection method based on combining non-linear dimensionality reduction and density estimation techniques. Our empirical findings show that the proposed approach is able to effectively detect adversarial examples crafted by non-adaptive attackers, i.e., not specifically tuned to bypass the detection method. Given our promising results, we plan to extend our analysis to adaptive attackers in future work.

File | Size | Format |
---|---|---|
crecchi19-esann.pdf (open access; type: pre-print version) | 552.39 kB | Adobe PDF |