IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v10y2018i3p26-d134935.html
   My bibliography  Save this article

TwinNet: A Double Sub-Network Framework for Detecting Universal Adversarial Perturbations

Author

Listed:
  • Yibin Ruan

    (School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China)

  • Jiazhu Dai

    (School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China)

Abstract

Deep neural network has achieved great progress on tasks involving complex abstract concepts. However, there exist adversarial perturbations, which are imperceptible to humans, which can tremendously undermine the performance of deep neural network classifiers. Moreover, universal adversarial perturbations can even fool classifiers on almost all examples with just a single perturbation vector. In this paper, we propose TwinNet, a framework for neural network classifiers to detect such adversarial perturbations. TwinNet makes no modification of the protected classifier. It detects adversarially perturbated examples by enhancing different types of features in dedicated networks and fusing the output of the networks later. The paper empirically shows that our framework can identify adversarial perturbations effectively with a slight loss in accuracy when predicting normal examples, which outperforms state-of-the-art works.

Suggested Citation

  • Yibin Ruan & Jiazhu Dai, 2018. "TwinNet: A Double Sub-Network Framework for Detecting Universal Adversarial Perturbations," Future Internet, MDPI, vol. 10(3), pages 1-13, March.
    • Handle: RePEc:gam:jftint:v:10:y:2018:i:3:p:26-:d:134935
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/10/3/26/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/10/3/26/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:10:y:2018:i:3:p:26-:d:134935. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.