(2020) SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems.
|
Text
SentiNet_DLS2020.pdf - Published Version Download (5MB) | Preview |
Abstract
SentiNet is a novel detection framework for localized universal attacks on neural networks. These attacks restrict adversarial noise to contiguous portions of an image and are reusable with different images—constraints that prove useful for generating physically-realizable attacks. Unlike most other works on adversarial detection, SentiNet does not require training a model or preknowledge of an attack prior to detection. Our approach is appealing due to the large number of possible mechanisms and attack-vectors that an attack-specific defense would have to consider. By leveraging the neural network’s susceptibility to attacks and by using techniques from model interpretability and object detection as detection mechanisms, SentiNet turns a weakness of a model into a strength. We demonstrate the effectiveness of SentiNet on three different attacks—i.e., data poisoning attacks, trojaned networks, and adversarial patches (including physically realizable attacks)—and show that our defense is able to achieve very competitive performance metrics for all three threats. Finally, we show that SentiNet is robust against strong adaptive adversaries, who build adversarial patches that specifically target the components of SentiNet’s architecture.
| Item Type: | Conference or Workshop Item (A Paper) (Paper) |
|---|---|
| Divisions: | Giancarlo Pellegrino (GP) |
| Conference: | IEEE SPW IEEE Symposium on Security and Privacy Workshops |
| Depositing User: | Giancarlo Pellegrino |
| Date Deposited: | 25 Sep 2020 08:48 |
| Last Modified: | 25 Sep 2020 09:51 |
| Primary Research Area: | NRA1: Trustworthy Information Processing |
| URI: | https://publications.cispa.saarland/id/eprint/3223 |
Actions
Actions (login required)
 |
View Item |