Adversarial Examples Detection Using No-Reference Image Quality Features

2018 International Carnahan Conference on Security Technology (ICCST) (2018)

Abstract
Recently, it has been discovered that Deep Neural Networks (DNNs) are highly vulnerable to deliberate perturbations, which, when added to the input sample, can mislead DNN-based systems. The corresponding samples with deliberate perturbations are called adversarial examples (AEs). The challenge of AEs is very critical in security and safety systems, which, if fooled or misled, can yield serious consequences. Therefore, it is essential to devise methods to enhance the robustness of DNNs against adversarial attacks. A quintessential mechanism is adversarial examples detection. An adversarial attack detection method aims at disambiguating clean samples from AEs. More recently, a few techniques have been proposed in the literature; nonetheless, the majority of them are very complex or not able to attain low enough error rates. In this paper, we present a novel technique to improve the security of DNNs by detecting different types of AEs. The proposed framework presents a very low degree of complexity and utilizes ten nonintrusive image quality features to distinguish between legitimate and adversarial attack samples. Experimental analysis on the standard MNIST and CIFAR10 datasets shows promising results not only for different adversarial examples generation methods but also for various additive perturbations.
Keywords
Adversarial Attacks,Deep Neural Networks,Pattern Classification,Adversarial Examples,Deep Learning