Omni-detection of adversarial examples with diverse magnitudes

Deep neural networks (DNNs) are potentially susceptible to adversarial examples that are maliciously manipulated by adding imperceptible perturbations to legitimate inputs, leading to abnormal behavior of models. Plenty of methods have been proposed to defend against adversarial examples. However, the majority of them are suffering the following weaknesses: 1) lack of generalization and practicality. 2) fail to deal with unknown attacks. To address the above issues, we design the adversarial nature eraser (ANE) and feature map detector (FMD) to detect fragile and high-intensity adversarial examples, respectively. Then, we apply the ensemble learning method to compose our detector, dealing with adversarial examples with diverse magnitudes in a divide-and-conquer manner. Experimental results show that our approach achieves 99.30% and 99.62% Area under Curve (AUC) scores on average when tested with various L p norm-based attacks on CIFAR-10 and ImageNet, respectively. Furthermore, our approach also shows its potential in detecting unknown attacks.