Timezone: »

 
Poster
Detecting Adversarial Data by Probing Multiple Perturbations Using Expected Perturbation Score
Shuhai Zhang · Feng Liu · Jiahao Yang · 逸凡 杨 · Changsheng Li · Bo Han · Mingkui Tan

Wed Jul 26 05:00 PM -- 06:30 PM (PDT) @ Exhibit Hall 1 #225
in Poster Session 4 »
Event URL: https://github.com/ZSHsh98/EPS-AD »

Adversarial detection aims to determine whether a given sample is an adversarial one based on the discrepancy between natural and adversarial distributions. Unfortunately, estimating or comparing two data distributions is extremely difficult, especially in high-dimension spaces. Recently, the gradient of log probability density (a.k.a., score) w.r.t. the sample is used as an alternative statistic to compute. However, we find that the score is sensitive in identifying adversarial samples due to insufficient information with one sample only. In this paper, we propose a new statistic called expected perturbation score (EPS), which is essentially the expected score of a sample after various perturbations. Specifically, to obtain adequate information regarding one sample, we perturb it by adding various noises to capture its multi-view observations. We theoretically prove that EPS is a proper statistic to compute the discrepancy between two samples under mild conditions. In practice, we can use a pre-trained diffusion model to estimate EPS for each sample. Last, we pro- pose an EPS-based adversarial detection (EPS- AD) method, in which we develop EPS-based maximum mean discrepancy (MMD) as a metric to measure the discrepancy between the test sample and natural samples. We also prove that the EPS-based MMD between natural and adversarial samples is larger than that among natural samples. Extensive experiments show the superior adversarial detection performance of our EPS-AD.

[ Slides [ PDF [ Poster

Author Information

Shuhai Zhang (SCUT)
Feng Liu (University of Melbourne/RIKEN-AIP)

I am a machine learning researcher with research interests in hypothesis testing and trustworthy machine learning. I am currently an Assistant Professor in Statistics (Data Science) at the School of Mathematics and Statistics, The University of Melbourne, Australia. We are also running the Trustworthy Machine Learning and Reasoning (TMLR) Lab where I am one of co-directors (see this page for details). In addition, I am a Visiting Scientist at RIKEN-AIP, Japan, and a Visting Fellow at DeSI Lab, Australian Artificial Intelligence Institute, University of Technology Sydney. I was the recipient of the Australian Laureate postdoctoral fellowship. I received my Ph.D. degree in computer science at the University of Technology Sydney in 2020, advised by Dist. Prof. Jie Lu and Prof. Guangquan Zhang. I was a research intern at the RIKEN-AIP, working on the robust domain adaptation project with Prof. Masashi Sugiyama, Dr. Gang Niu and Dr. Bo Han. I visited Gatsby Computational Neuroscience Unit at UCL and worked on the hypothesis testing project with Prof. Arthur Gretton, Dr. Danica J. Sutherland and Dr. Wenkai Xu. I have received the Outstanding Paper Award of NeurIPS (2022), the Outstanding Reviewer Award of NeurIPS (2021), the Outstanding Reviewer Award of ICLR (2021), the UTS-FEIT HDR Research Excellence Award (2019). My publications are mainly distributed in high-quality journals or conferences, such as Nature Communications, IEEE-TPAMI, IEEE-TNNLS, IEEE-TFS, NeurIPS, ICML, ICLR, KDD, IJCAI, and AAAI. I have served as a senior program committee (SPC) member for IJCAI, ECAI and program committee (PC) members for NeurIPS, ICML, ICLR, AISTATS, ACML, AAAI and so on. I also serve as reviewers for many academic journals, such as JMLR, IEEE-TPAMI, IEEE-TNNLS, IEEE-TFS and so on.

Jiahao Yang (South China University of Technology)
逸凡 杨
Changsheng Li (Beijing Institute of Technology)
Bo Han (HKBU / RIKEN)
Mingkui Tan (South China University of Technology)

More from the Same Authors