Next Article in Journal
Security Awareness in Software-Defined Multi-Domain 5G Networks
Previous Article in Journal
Interference Management in Femtocells by the Adaptive Network Sensing Power Control Technique
Article Menu
Issue 3 (March) cover image

Export Article

Open AccessArticle
Future Internet 2018, 10(3), 26; https://doi.org/10.3390/fi10030026

TwinNet: A Double Sub-Network Framework for Detecting Universal Adversarial Perturbations

School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China
*
Author to whom correspondence should be addressed.
Received: 27 January 2018 / Revised: 22 February 2018 / Accepted: 28 February 2018 / Published: 6 March 2018
View Full-Text   |   Download PDF [4455 KB, uploaded 6 March 2018]   |  

Abstract

Deep neural network has achieved great progress on tasks involving complex abstract concepts. However, there exist adversarial perturbations, which are imperceptible to humans, which can tremendously undermine the performance of deep neural network classifiers. Moreover, universal adversarial perturbations can even fool classifiers on almost all examples with just a single perturbation vector. In this paper, we propose TwinNet, a framework for neural network classifiers to detect such adversarial perturbations. TwinNet makes no modification of the protected classifier. It detects adversarially perturbated examples by enhancing different types of features in dedicated networks and fusing the output of the networks later. The paper empirically shows that our framework can identify adversarial perturbations effectively with a slight loss in accuracy when predicting normal examples, which outperforms state-of-the-art works. View Full-Text
Keywords: deep neural network; universal adversarial perturbation; double sub-network; detecting; PCA; ImageNet deep neural network; universal adversarial perturbation; double sub-network; detecting; PCA; ImageNet
Figures

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. (CC BY 4.0).
SciFeed

Share & Cite This Article

MDPI and ACS Style

Ruan, Y.; Dai, J. TwinNet: A Double Sub-Network Framework for Detecting Universal Adversarial Perturbations. Future Internet 2018, 10, 26.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics

1

Comments

[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top