Adversarial example detection based on saliency map features

In recent years, machine learning has greatly improved image recognition capability. However, studies have shown that neural network models are vulnerable to adversarial examples that make models output wrong answers with high confidence. To understand the vulnerabilities of models, we use interpretability methods to reveal the internal decision-making behaviors of models. Interpretation results reflect that the evolutionary process of nonnormalized saliency maps between clean and adversarial examples are increasingly differentiated along model hidden layers. By taking advantage of this phenomenon, we propose an adversarial example detection method based on multilayer saliency features, which can comprehensively capture the abnormal characteristics of adversarial example interpretations. Experimental results show that the proposed method can effectively detect adversarial examples based on gradient, optimization and black-box attacks, and it is comparable with the state-of-the-art methods.

Automated summary

In recent years, machine learning has significantly enhanced image recognition capabilities, but has also revealed vulnerabilities in neural network models to adversarial examples. By utilizing interpretability methods to reveal internal decision-making behaviors of models, researchers were able to propose an effective method for detecting adversarial examples based on multilayer saliency features. Experimental results demonstrated the method's capability to effectively detect adversarial examples across various attack scenarios, comparable to state-of-the-art methods.