Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

SpectralDefense: Detecting Adversarial Attacks on CNNs in the Fourier Domain

 
: Harder, Paula; Pfreundt, Franz-Josef; Keuper, Margret; Keuper, Janis

:

Institute of Electrical and Electronics Engineers -IEEE-; International Neural Network Society; IEEE Computational Intelligence Society:
International Joint Conference on Neural Networks, IJCNN 2021. Proceedings : Virtual Event, 18-22 July 2021
Piscataway, NJ: IEEE, 2021
ISBN: 978-1-6654-4597-9
ISBN: 978-1-6654-3900-8
ISBN: 978-0-7381-3366-9
pp.1420-1427
International Joint Conference on Neural Networks (IJCNN) <2021, Online>
English
Conference Paper
Fraunhofer ITWM ()
adversarial attacks; adversarial detection; image classification; convolutional neural network

Abstract
Despite the success of convolutional neural networks (CNNs) in many computer vision and image analysis tasks, they remain vulnerable against so-called adversarial attacks: Small, crafted perturbations in the input images can lead to false predictions. A possible defense is to detect adversarial examples. In this work, we show how analysis in the Fourier domain of input images and feature maps can be used to distinguish benign test samples from adversarial images. We propose two novel detection methods: Our first method employs the magnitude spectrum of the input images to detect an adversarial attack. This simple and robust classifier can successfully detect adversarial perturbations of three commonly used attack methods. The second method builds upon the first and additionally extracts the phase of Fourier coefficients of feature-maps at different layers of the network. With this extension, we are able to improve adversarial detection rates compared to state-of-the-art detectors on five different attack methods. The code for the methods proposed in the paper is available at github.com/paulaharder/SpectralAdversarialDefense.

: http://publica.fraunhofer.de/documents/N-642916.html