We investigate conditions under which test statistics exist that can reliably detect examples that have been adversarially manipulated in a white-box attack. These statistics can be easily computed and calibrated by randomly corrupting inputs. They exploit certain anomalies that adversarial attacks introduce, in particular when the attack follows the paradigm of choosing perturbations optimally under p-norm constraints. Access to the model's log-odds is the only requirement for the defense. We justify our approach empirically, but also provide conditions under which detectability via the suggested test statistics is guaranteed to be effective. In our experiments, we show that it is even possible to correct test-time predictions under adversarial attack with high accuracy.
Author Information
Kevin Roth (ETH Zurich)
Yannic Kilcher (ETH Zurich)
Thomas Hofmann (ETH Zurich)
Related Events (a corresponding poster, oral, or spotlight)
- 2019 Poster: The Odds are Odd: A Statistical Test for Detecting Adversarial Examples
  Thu. Jun 13th, 01:30 -- 04:00 AM, Room: Pacific Ballroom #62
More from the Same Authors
- 2021: A Primer on Multi-Neuron Relaxation-based Adversarial Robustness Certification (Kevin Roth)
- 2022 Poster: How Tempering Fixes Data Augmentation in Bayesian Neural Networks (Gregor Bachmann · Lorenzo Noci · Thomas Hofmann)
- 2022 Oral: How Tempering Fixes Data Augmentation in Bayesian Neural Networks (Gregor Bachmann · Lorenzo Noci · Thomas Hofmann)
- 2021 Poster: Uniform Convergence, Adversarial Spheres and a Simple Remedy (Gregor Bachmann · Seyed Moosavi · Thomas Hofmann)
- 2021 Spotlight: Uniform Convergence, Adversarial Spheres and a Simple Remedy (Gregor Bachmann · Seyed Moosavi · Thomas Hofmann)
- 2020 Poster: The k-tied Normal Distribution: A Compact Parameterization of Gaussian Mean Field Posteriors in Bayesian Neural Networks (Jakub Swiatkowski · Kevin Roth · Bastiaan Veeling · Linh Tran · Joshua V Dillon · Jasper Snoek · Stephan Mandt · Tim Salimans · Rodolphe Jenatton · Sebastian Nowozin)
- 2020 Poster: How Good is the Bayes Posterior in Deep Neural Networks Really? (Florian Wenzel · Kevin Roth · Bastiaan Veeling · Jakub Swiatkowski · Linh Tran · Stephan Mandt · Jasper Snoek · Tim Salimans · Rodolphe Jenatton · Sebastian Nowozin)
- 2018 Poster: A Distributed Second-Order Algorithm You Can Trust (Celestine Mendler-Dünner · Aurelien Lucchi · Matilde Gargiani · Yatao Bian · Thomas Hofmann · Martin Jaggi)
- 2018 Oral: A Distributed Second-Order Algorithm You Can Trust (Celestine Mendler-Dünner · Aurelien Lucchi · Matilde Gargiani · Yatao Bian · Thomas Hofmann · Martin Jaggi)
- 2018 Poster: Escaping Saddles with Stochastic Gradients (Hadi Daneshmand · Jonas Kohler · Aurelien Lucchi · Thomas Hofmann)
- 2018 Poster: Hyperbolic Entailment Cones for Learning Hierarchical Embeddings (Octavian-Eugen Ganea · Gary Becigneul · Thomas Hofmann)
- 2018 Oral: Escaping Saddles with Stochastic Gradients (Hadi Daneshmand · Jonas Kohler · Aurelien Lucchi · Thomas Hofmann)
- 2018 Oral: Hyperbolic Entailment Cones for Learning Hierarchical Embeddings (Octavian-Eugen Ganea · Gary Becigneul · Thomas Hofmann)