31 research outputs found

    Detecting adversarial manipulation using inductive Venn-ABERS predictors

    Inductive Venn-ABERS predictors (IVAPs) are a type of probabilistic predictor with the theoretical guarantee that their predictions are perfectly calibrated. In this paper, we propose to exploit this calibration property for the detection of adversarial examples in binary classification tasks. By rejecting predictions when the uncertainty of the IVAP is too high, we obtain an algorithm that is both accurate on the original test set and resistant to adversarial examples. This robustness is observed on adversarials crafted against the underlying model as well as adversarials that were generated by taking the IVAP into account. The method appears to offer competitive robustness compared to the state of the art in adversarial defense, yet it is computationally much more tractable.

    Implementation of techniques for adversarial detection in image classification

    Deep neural networks (DNNs) have recently led to significant improvements in many areas of machine learning, from speech recognition to computer vision. Recently, it was shown that machine learning classifiers are highly vulnerable to adversarial examples. An adversarial example is a sample of input data which has been modified very slightly in a way that is intended to cause a machine learning classifier to misclassify it. These adversarial examples are relatively robust and are shared by different neural networks with different numbers of layers or activations, or trained on different subsets of the training data. They could be used to perform an attack on machine learning systems, even if the adversary has no access to the underlying model. In this thesis we'll explore the nature of these adversarial images, we'll describe the methods that generate fooling examples and the techniques used to make a DNN more robust. In addition, we'll present our studies about adversarials, which consist in the exploration of the feature space of the images according to Euclidean distances, in order to detect them and propose a possible solution to help a neural network in the classification task.

    InfoMixup : An Intuitive and Information-Driven Approach to Robust Generalization

    The discovery of Adversarial Examples, data points which are easily recognized by humans but which fool artificial classifiers with ease, is relatively new in the world of machine learning. Corruptions imperceptible to the human eye are often sufficient to fool state-of-the-art classifiers. The resolution of this problem has been the subject of a great deal of research in recent years as the prevalence of Deep Neural Networks grows in everyday systems. To this end, we propose InfoMixup, a novel method to improve the robustness of Deep Neural Networks without significantly affecting performance on clean samples. Our work is focused on the domain of image classification, a popular target in contemporary literature due to the proliferation of Deep Neural Networks in modern products. We show that our method achieves state-of-the-art improvements in robustness against a variety of attacks under several measures.