CIGA: Detecting Adversarial Samples Via Critical Inference Graph Analysis
Annual Computer Security Applications Conference (2024)
National University of Defense Technology
Abstract
Deep neural networks (DNNs) exhibit significant vulnerability under adversarial sample attacks, where carefully crafted small perturbations added to benign samples lead to misclassification during testing. A large amount of work has been proposed to detect adversarial samples. However, existing works primarily rely on data or activation features of DNNs, focusing only on the impact of individual neurons at each layer while neglecting the effects of inter-layer correlations on decisions. Our key observation is that benign and adversarial samples tend to experience not only distinctive neurons in each layer but also different connection patterns among different layers during inference. Leveraging this insight, we extract Critical Inference Graphs (CIGs) of samples from DNNs. Based on the statistical features of CIGs, we analyze the data features of each layer and the structural features between layers during the classification process. We then propose an unsupervised adversarial sample detection algorithm via CIG Analysis (CIGA). We evaluate CIGA against 7 white-box attacks, 2 black-box attacks and 1 real-world attack. We also compare CIGA with six state-of-the-art (SOTA) detection algorithms. The experimental results demonstrate that our proposed CIGA maintains high sensitivity (over 90%) while keeping a low false positive rate (below 3%) across all attacks, showing better generalization performance compared to SOTA algorithms.
Key words
Deep Neural Networks, Robustness, Adversarial Attack, Adversarial Samples, Detection