Deep neural networks (DNNs) have been shown to be vulnerable against adversarial examples (AEs), which are maliciously designed cause dramatic model output errors. In this work, we reveal that normal (NEs) insensitive the fluctuations occurring at highly-curved region of decision boundary, while AEs typically over one single domain (mostly spatial domain) exhibit exorbitant sensitivity on such fluctuations. This phenomenon motivates us design another classifier (called dual classifier) with transformed can collaboratively used original primal detect AEs, by virtue inconsistency. When comparing state-of-the-art algorithms based Local Intrinsic Dimensionality (LID), Mahalanobis Distance (MD), and Feature Squeezing (FS), our proposed Sensitivity Inconsistency Detector (SID) achieves improved AE detection performance superior generalization capabilities, especially in challenging cases where perturbation levels small. Intensive experimental results ResNet VGG validate superiority SID.

Load

Load