Deep Learning Based Adversarial Images Detection

Abstract

The threat of attack against deep learning based network is gradually strengthened in computer vision. The adversarial examples or images are produced by applying intentional a slight perturbation, which is not recognized by human, but can confuse the deep learning based classifier. To enhance the robustness of image classifier, we proposed several deep learning based algorithms (i.e., CNN-SVM, CNN-KNN, CNN-RF) to detect adversarial images. To improve the utilization rate of multi-layer features, an ensemble model based on two layer features generated by CNN is applied to detect adversarial examples. The accuracy, detection probability, fake alarm probability and miss probability are applied to evaluate our proposed algorithms. The results show that the ensemble model based on SVM can achieve the best performance (i.e., 94.5%) than other methods for testing remote sensing image dataset.