Identifying Attack-Specific Signatures in Adversarial Examples

The adversarial attack literature contains numerous algorithms for crafting perturbations which manipulate neural network predictions. Many of these adversarial attacks optimize inputs with the same constraints and have similar downstream impact on the models they attack. In this work, we first show...

Full description

Saved in:
Bibliographic Details
Main Authors: Souri, Hossein, Khorramshahi, Pirazh, Lau, Chun Pong, Goldblum, Micah, Chellappa, Rama
Format: Conference Proceeding
Language:English
Subjects:
Acoustics
Adversarial Attacks
Adversarial Examples
Neural networks
Perturbation methods
Pipelines
Prediction algorithms
Security
Signal processing
Signal processing algorithms
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The adversarial attack literature contains numerous algorithms for crafting perturbations which manipulate neural network predictions. Many of these adversarial attacks optimize inputs with the same constraints and have similar downstream impact on the models they attack. In this work, we first show how to reconstruct an adversarial perturbation, namely the difference between an adversarial example and the original natural image, from an adversarial example. Then, we classify reconstructed adversarial perturbations based on the algorithm that generated them. This pipeline, REDRL, can detect the attack algorithm used to generate a sample from only the sample itself. The ability to determine which algorithm generated an example implies that different attack algorithms actually produce unique signatures in their adversarial examples.
ISSN:2379-190X
DOI:10.1109/ICASSP48485.2024.10446989