Deep learning has greatly improved visual recognition in recent years. However, recent research has shown that there exist many adversarial examples that can negatively impact the performance of such an architecture. This paper focuses on detecting those adversarial examples by analyzing whether they come from the same distribution as the normal examples. Instead of directly training a deep neural network to detect adversarials, a much simpler approach is proposed based on statistics on outputs from convolutional layers. A cascade classifier is designed to efficiently detect adversarials. Furthermore, trained from one particular adversarial generating mechanism, the resulting classifier can successfully detect adversarials from a completely different mechanism as well. After detecting adversarial examples, we show that many of them can be recovered by simply performing a small average filter on the image. Those findings should provoke us to think more about the classification mechanisms in deep convolutional neural networks.

本文提出了一种基于卷积层输出统计的级联分类器来有效检测深度神经网络中的对抗性样本，并且这种分类器是不可微分的，从而难以通过添加梯度干扰攻击；此外，利用小型均值滤波器可以恢复传统的对抗性样本，并且结果提供了更多关于深度卷积神经网络分类机制的见解。

使用卷积滤波器统计量检测深度网络中的对抗性样本