基于激活特征的对抗样本检测方法

eep neural networks have brought great convenience to human beings, but due to their own fragility, there are extremely high security risks in the use process. An attacker can add tiny malicious perturbations to the input examples to induce the classifier to misclassify. Detection of adversarial examples is, therefore, a fundamental requirement for robust classification frameworks. This paper proposes an adversarial example detection method based on activation features. The key idea of this method is that compared with clean examples, adversarial examples have an abnormal trend in the forward propagation process inside the deep neural network, which can be used to detect adversarial examples. This method extracts the activation features of the intermediate layer of the classifier, processes the unified dimensions through the model and then splices them together, and then automatically extracts the features used to identify clean examples and adversarial examples through the long short-term memory network, which has good interpretability. This paper conducts experiments on the CIFAR-10 standard dataset, and uses visualization methods to specifically analyze the working principle of the detection model.