
Adversarial Sample Detection for Deep Neural Network through Model Mutation Testing (1812.05793v2)

Published 14 Dec 2018 in cs.LG, cs.SE, and stat.ML

Abstract: Deep neural networks (DNN) have been shown to be useful in a wide range of applications. However, they are also known to be vulnerable to adversarial samples. By transforming a normal sample with some carefully crafted human-imperceptible perturbations, even highly accurate DNNs make wrong decisions. Multiple defense mechanisms have been proposed which aim to hinder the generation of such adversarial samples. However, a recent work shows that most of them are ineffective. In this work, we propose an alternative approach to detect adversarial samples at runtime. Our main observation is that adversarial samples are much more sensitive than normal samples if we impose random mutations on the DNN. We thus first propose a measure of 'sensitivity' and show empirically that normal samples and adversarial samples have distinguishable sensitivity. We then integrate statistical hypothesis testing and model mutation testing to check whether an input sample is likely to be normal or adversarial at runtime by measuring its sensitivity. We evaluated our approach on the MNIST and CIFAR10 datasets. The results show that our approach detects adversarial samples generated by state-of-the-art attacking methods efficiently and accurately.

Citations (181)

Summary

  • The paper introduces a novel framework that applies model mutation testing to identify adversarial inputs in deep neural networks.
  • It details specific mutation strategies that reveal vulnerabilities and offer actionable insights for strengthening model robustness.
  • Experimental results demonstrate that the proposed method significantly enhances detection accuracy compared to traditional approaches.
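
The detection idea in the abstract (mutate the model, measure how often the predicted label changes, decide with a hypothesis test), written out as an added example; it is not code from the paper or from this page. It assumes a toy linear classifier in place of a DNN, Gaussian weight noise as the mutation, Wald's sequential probability ratio test as the hypothesis test, and constructed threshold and sample values.

```python
import math
import random

# Toy stand-in for a trained DNN: a 2-D linear classifier (constructed weights).
WEIGHTS, BIAS = [1.0, 1.0], 0.0

def predict(weights, bias, x):
    """Return the predicted class (0 or 1) for input x."""
    return 1 if sum(w * xi for w, xi in zip(weights, x)) + bias > 0 else 0

def mutate(rng, sigma=0.1):
    """Build one mutant model by adding Gaussian noise to every parameter."""
    return [w + rng.gauss(0, sigma) for w in WEIGHTS], BIAS + rng.gauss(0, sigma)

def detect(x, threshold=0.10, delta=0.05, alpha=0.05, beta=0.05,
           max_mutants=500, seed=0):
    """Sequential test on the label change rate (LCR) of x under mutation.

    H0: LCR >= threshold + delta (adversarial); H1: LCR <= threshold - delta
    (normal). Returns (verdict, mutants_used, observed_lcr).
    """
    rng = random.Random(seed)
    p0, p1 = threshold + delta, threshold - delta
    accept_h1 = math.log((1 - beta) / alpha)   # enough evidence for "normal"
    accept_h0 = math.log(beta / (1 - alpha))   # enough evidence for "adversarial"
    original = predict(WEIGHTS, BIAS, x)
    llr, flips = 0.0, 0
    for n in range(1, max_mutants + 1):
        w, b = mutate(rng)
        if predict(w, b, x) != original:       # mutant disagrees with the original model
            flips += 1
            llr += math.log(p1 / p0)
        else:
            llr += math.log((1 - p1) / (1 - p0))
        if llr >= accept_h1:
            return "normal", n, flips / n
        if llr <= accept_h0:
            return "adversarial", n, flips / n
    return "undecided", max_mutants, flips / max_mutants

# Constructed inputs: one far from the decision boundary, one pushed just across it.
NORMAL_SAMPLE = [3.0, 3.0]
ADVERSARIAL_SAMPLE = [0.005, 0.005]

if __name__ == "__main__":
    for name, x in [("normal", NORMAL_SAMPLE), ("adversarial", ADVERSARIAL_SAMPLE)]:
        print(name, detect(x))
```

The sequential test stops as soon as the evidence is decisive, so a stable input is cleared after a fixed small number of mutants while a boundary-hugging input is flagged after only a few label flips.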

Overview of "Bare Demo of IEEEtran.cls for IEEE Communications Society Journals"

The paper presented is a demonstration article entitled "Bare Demo of IEEEtran.cls for IEEE Communications Society Journals," authored by Michael Shell, John Doe, and Jane Doe. It primarily functions as a preparatory guide for authors intending to submit their work to IEEE Communications Society journals, utilizing the IEEEtran.cls document class in LaTeX.

Structural Overview

The document is structured to facilitate authors in familiarizing themselves with the IEEEtran.cls, version 1.8b, providing a template to help ensure compliance with IEEE publication standards. This template includes the main components necessary for a journal submission, such as title formatting, author listings, abstract placement, keyword tagging, and sectioning, which are critical for maintaining the uniformity expected in IEEE publications.

Technical Content and Guidance

This paper does not present novel empirical results or theoretical advancements, but it serves a crucial role in the scholarly communication process. By standardizing the formatting requirements, it mitigates common submission errors related to structural issues, thereby streamlining the review process and maintaining consistency across publications.

Implications for Research Practice

The implications of this work are significant for the practical aspects of research dissemination. By offering a concrete structure, it aids in maximizing the clarity and professional presentation of research work. Standardized templates such as IEEEtran.cls contribute to heightened accessibility and readability of technical material, which is essential in dense technical fields like Electrical and Computer Engineering.

Future Developments

While the document acts as a practical guide, its effectiveness hinges on ongoing updates and community feedback to accommodate changes in template requirements. Future developments could explore more sophisticated features within LaTeX that are tailored to emerging research fields and methodologies, enriching the submission experience and potentially integrating with automated review systems for preliminary formatting checks.

In summation, the "Bare Demo of IEEEtran.cls" is an indispensable tool for researchers targeting IEEE Communications Society journals, ensuring conformity to rigorous presentation standards and, thereby, enabling the emphasis to remain on the quality of research content itself.