Interpretation Area-Guided Detection of Adversarial Samples

摘要

Deep learning systems are known to be vulnerable to adversarial samples, which are implemented to change the prediction results by adding small perturbations to benign samples. It is significant to defend against an adversarial attack in critical fields such as automatic drive. In this paper, we propose an interpretation area-guided detection method of adversarial samples, which can improve the performance of the typical feature squeezing method by combining the generated interpretation results. Specifically, we divide the input image into two main parts, the interpretation part, and the non-interpretation part. Then we only squeeze the non-interpretation part, which can reduce the side-effect for benign samples. We evaluate our approach on two widely used datasets, and the results demonstrate that our approach outperforms the original feature squeezing method.