Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks

Fatemeh Sheikholeslami; Swayambhoo Jain; Georgios B. Giannakis

doi:10.1109/ITA50056.2020.9244964

Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks

Fatemeh Sheikholeslami, Swayambhoo Jain, Georgios B. Giannakis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Despite their unprecedented performance in various domains, utilization of Deep Neural Networks (DNNs) in safety-critical environments is severely limited in the presence of even small adversarial perturbations. The present work develops a randomized approach to detecting such perturbations based on minimum uncertainty metrics that rely on sampling at the hidden layers during the DNN inference stage. Inspired by Bayesian approaches to uncertainty estimation, the sampling probabilities are designed for effective detection of the adversarially corrupted inputs. Being modular, the novel detector of adversaries can be conveniently employed by any pre-trained DNN at no extra training overhead. Selecting which units to sample per hidden layer entails quantifying the amount of DNN output uncertainty, where the overall uncertainty is expressed in terms of its layer-wise components-what also promotes scalability. Sampling probabilities are then sought by minimizing uncertainty measures layer-by-layer, leading to a novel convex optimization problem that admits an exact solver with superlinear convergence rate. By simplifying the objective function, low-complexity approximate solvers are also developed. In addition to valuable insights, these approximations link the novel approach with state-of-the-art randomized adversarial detectors. The effectiveness of the novel detectors in the context of competing alternatives is highlighted through extensive tests for various types of adversarial attacks with variable levels of strength.

Original language	English (US)
Title of host publication	2020 Information Theory and Applications Workshop, ITA 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781728141909
DOIs	https://doi.org/10.1109/ITA50056.2020.9244964
State	Published - Feb 2 2020
Externally published	Yes
Event	2020 Information Theory and Applications Workshop, ITA 2020 - San Diego, United States Duration: Feb 2 2020 → Feb 7 2020

Publication series

Name	2020 Information Theory and Applications Workshop, ITA 2020

Conference

Conference	2020 Information Theory and Applications Workshop, ITA 2020
Country	United States
City	San Diego
Period	2/2/20 → 2/7/20

Bibliographical note

Funding Information:
Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA-USA. This research was supported in part by NSF grant 151405n6, 1505970, 1901134, and 1711471.

Funding Information:
• Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 151405\6, 1505970, 1901134, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@gmail.com, georgios@umn.edu

Publisher Copyright:
© 2020 IEEE.

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Keywords

Adversarial input
Bayesian neural networks
attack detection
uncertainty estimation

Access

10.1109/ITA50056.2020.9244964

Fingerprint Dive into the research topics of 'Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks'. Together they form a unique fingerprint.

Cite this

Sheikholeslami, F., Jain, S., & Giannakis, G. B. (2020). Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks. In 2020 Information Theory and Applications Workshop, ITA 2020 [9244964] (2020 Information Theory and Applications Workshop, ITA 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ITA50056.2020.9244964

Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks. / Sheikholeslami, Fatemeh; Jain, Swayambhoo; Giannakis, Georgios B.

2020 Information Theory and Applications Workshop, ITA 2020. Institute of Electrical and Electronics Engineers Inc., 2020. 9244964 (2020 Information Theory and Applications Workshop, ITA 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sheikholeslami, F, Jain, S & Giannakis, GB 2020, Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks. in 2020 Information Theory and Applications Workshop, ITA 2020., 9244964, 2020 Information Theory and Applications Workshop, ITA 2020, Institute of Electrical and Electronics Engineers Inc., 2020 Information Theory and Applications Workshop, ITA 2020, San Diego, United States, 2/2/20. https://doi.org/10.1109/ITA50056.2020.9244964

@inproceedings{b1f96233da5d4d46a74c524fd1394ece,

title = "Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks",

abstract = "Despite their unprecedented performance in various domains, utilization of Deep Neural Networks (DNNs) in safety-critical environments is severely limited in the presence of even small adversarial perturbations. The present work develops a randomized approach to detecting such perturbations based on minimum uncertainty metrics that rely on sampling at the hidden layers during the DNN inference stage. Inspired by Bayesian approaches to uncertainty estimation, the sampling probabilities are designed for effective detection of the adversarially corrupted inputs. Being modular, the novel detector of adversaries can be conveniently employed by any pre-trained DNN at no extra training overhead. Selecting which units to sample per hidden layer entails quantifying the amount of DNN output uncertainty, where the overall uncertainty is expressed in terms of its layer-wise components-what also promotes scalability. Sampling probabilities are then sought by minimizing uncertainty measures layer-by-layer, leading to a novel convex optimization problem that admits an exact solver with superlinear convergence rate. By simplifying the objective function, low-complexity approximate solvers are also developed. In addition to valuable insights, these approximations link the novel approach with state-of-the-art randomized adversarial detectors. The effectiveness of the novel detectors in the context of competing alternatives is highlighted through extensive tests for various types of adversarial attacks with variable levels of strength.",

keywords = "Adversarial input, Bayesian neural networks, attack detection, uncertainty estimation",

author = "Fatemeh Sheikholeslami and Swayambhoo Jain and Giannakis, {Georgios B.}",

note = "Funding Information: Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA-USA. This research was supported in part by NSF grant 151405n6, 1505970, 1901134, and 1711471. Funding Information: • Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 151405\6, 1505970, 1901134, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@gmail.com, georgios@umn.edu Publisher Copyright: {\textcopyright} 2020 IEEE. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 2020 Information Theory and Applications Workshop, ITA 2020 ; Conference date: 02-02-2020 Through 07-02-2020",

year = "2020",

month = feb,

day = "2",

doi = "10.1109/ITA50056.2020.9244964",

language = "English (US)",

series = "2020 Information Theory and Applications Workshop, ITA 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2020 Information Theory and Applications Workshop, ITA 2020",

}

TY - GEN

T1 - Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks

AU - Sheikholeslami, Fatemeh

AU - Jain, Swayambhoo

AU - Giannakis, Georgios B.

N1 - Funding Information: Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA-USA. This research was supported in part by NSF grant 151405n6, 1505970, 1901134, and 1711471. Funding Information: • Part of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 151405\6, 1505970, 1901134, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@gmail.com, georgios@umn.edu Publisher Copyright: © 2020 IEEE. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.

PY - 2020/2/2

Y1 - 2020/2/2

N2 - Despite their unprecedented performance in various domains, utilization of Deep Neural Networks (DNNs) in safety-critical environments is severely limited in the presence of even small adversarial perturbations. The present work develops a randomized approach to detecting such perturbations based on minimum uncertainty metrics that rely on sampling at the hidden layers during the DNN inference stage. Inspired by Bayesian approaches to uncertainty estimation, the sampling probabilities are designed for effective detection of the adversarially corrupted inputs. Being modular, the novel detector of adversaries can be conveniently employed by any pre-trained DNN at no extra training overhead. Selecting which units to sample per hidden layer entails quantifying the amount of DNN output uncertainty, where the overall uncertainty is expressed in terms of its layer-wise components-what also promotes scalability. Sampling probabilities are then sought by minimizing uncertainty measures layer-by-layer, leading to a novel convex optimization problem that admits an exact solver with superlinear convergence rate. By simplifying the objective function, low-complexity approximate solvers are also developed. In addition to valuable insights, these approximations link the novel approach with state-of-the-art randomized adversarial detectors. The effectiveness of the novel detectors in the context of competing alternatives is highlighted through extensive tests for various types of adversarial attacks with variable levels of strength.

AB - Despite their unprecedented performance in various domains, utilization of Deep Neural Networks (DNNs) in safety-critical environments is severely limited in the presence of even small adversarial perturbations. The present work develops a randomized approach to detecting such perturbations based on minimum uncertainty metrics that rely on sampling at the hidden layers during the DNN inference stage. Inspired by Bayesian approaches to uncertainty estimation, the sampling probabilities are designed for effective detection of the adversarially corrupted inputs. Being modular, the novel detector of adversaries can be conveniently employed by any pre-trained DNN at no extra training overhead. Selecting which units to sample per hidden layer entails quantifying the amount of DNN output uncertainty, where the overall uncertainty is expressed in terms of its layer-wise components-what also promotes scalability. Sampling probabilities are then sought by minimizing uncertainty measures layer-by-layer, leading to a novel convex optimization problem that admits an exact solver with superlinear convergence rate. By simplifying the objective function, low-complexity approximate solvers are also developed. In addition to valuable insights, these approximations link the novel approach with state-of-the-art randomized adversarial detectors. The effectiveness of the novel detectors in the context of competing alternatives is highlighted through extensive tests for various types of adversarial attacks with variable levels of strength.

KW - Adversarial input

KW - Bayesian neural networks

KW - attack detection

KW - uncertainty estimation

UR - http://www.scopus.com/inward/record.url?scp=85097328975&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85097328975&partnerID=8YFLogxK

U2 - 10.1109/ITA50056.2020.9244964

DO - 10.1109/ITA50056.2020.9244964

M3 - Conference contribution

AN - SCOPUS:85097328975

T3 - 2020 Information Theory and Applications Workshop, ITA 2020

BT - 2020 Information Theory and Applications Workshop, ITA 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2020 Information Theory and Applications Workshop, ITA 2020

Y2 - 2 February 2020 through 7 February 2020

ER -

Minimum Uncertainty Based Detection of Adversaries in Deep Neural Networks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access

Other files and links

Cite this