Abstract
We propose a detector of adversarial samples that is based on the view of neural networks as discrete dynamic systems. The detector tells clean inputs from abnormal ones by comparing the discrete vector fields they follow through the layers. We also show that regularizing this vector field during training makes the network more regular on the data distribution’s support, thus making the activations of clean inputs more distinguishable from those of abnormal ones. Experimentally, we compare our detector favorably to other detectors on seen and unseen attacks, and show that the regularization of the network’s dynamics improves the performance of adversarial detectors that use the internal embeddings as inputs, while also improving test accuracy.
Author supplied keywords
Cite
CITATION STYLE
Karkar, S., Gallinari, P., & Rakotomamonjy, A. (2023). Adversarial Sample Detection Through Neural Network Transport Dynamics. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 14169 LNAI, pp. 164–181). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-43412-9_10
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
