Deep learning has recently become the state of the art in many com-puter vision applications and in image classification in particular. However, recent works have shown that it is quite easy to create adversarial examples, i.e., images intentionally created or modified to cause the deep neural network to make a mistake. They are like optical illusions for machines containing changes unnoticeable to the human eye. This represents a serious threat for machine learn-ing methods. In this paper, we investigate the robustness of the representations learned by the fooled neural network, analyzing the activations of its hidden layers. Specifically, we tested scoring approaches used for kNN classification, in order to distinguishing between correctly classified authentic images and adversarial ex-amples. The results show that hidden layers activations can be used to detect incorrect classifications caused by adversarial attacks.
Mendeley saves you time finding and organizing research
Choose a citation style from the tabs below