Detecting adversarial example attacks to deep neural networks

  • Carrara F
  • Falchi F
  • Caldelli R
 et al. 
  • 30


    Mendeley users who have this article in their library.
  • 0


    Citations of this article.


Deep learning has recently become the state of the art in many com-puter vision applications and in image classification in particular. However, recent works have shown that it is quite easy to create adversarial examples, i.e., images intentionally created or modified to cause the deep neural network to make a mistake. They are like optical illusions for machines containing changes unnoticeable to the human eye. This represents a serious threat for machine learn-ing methods. In this paper, we investigate the robustness of the representations learned by the fooled neural network, analyzing the activations of its hidden layers. Specifically, we tested scoring approaches used for kNN classification, in order to distinguishing between correctly classified authentic images and adversarial ex-amples. The results show that hidden layers activations can be used to detect incorrect classifications caused by adversarial attacks.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document


  • Fabio Carrara

  • Fabrizio Falchi

  • Roberto Caldelli

  • Giuseppe Amato

  • Roberta Fumarola

  • Rudy Becarelli

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free