Abstract
Adversarial attacks present a significant threat to modern machine learning systems. Yet, existing detection methods often lack the ability to detect unseen attacks or detect different attack types with a high level of accuracy. In this work, we propose a statistical approach that establishes a detection baseline before a neural network's deployment, enabling effective real-time adversarial detection. We generate a metric of adversarial presence by comparing the behavior of a compressed/uncompressed neural network pair. Our method has been tested against state-of-the-art techniques, and it achieves near-perfect detection across a wide range of attack types. Moreover, it significantly reduces false positives, making it both reliable and practical for real-world applications.
Abstract (translated)
对抗性攻击对现代机器学习系统构成了重大威胁。然而,现有的检测方法通常缺乏检测未见过的攻击或以高精度检测不同类型的攻击的能力。在这项工作中,我们提出了一种统计方法,在神经网络部署之前建立一个检测基线,从而能够进行有效的实时对抗性检测。通过比较压缩和未压缩的一对神经网络的行为,我们生成了一个衡量对抗性存在的指标。我们的方法已经经过最先进的技术测试,并在广泛的攻击类型中实现了近乎完美的检测率。此外,它大大减少了误报,使其既可靠又实用,适合实际应用。
URL
https://arxiv.org/abs/2510.02707
