Academic Talks
Detecting Adversarial Examples from Sensitivity Inconsistency of Spatial-Transform Domain
Date: 2020-12-18 | Editor: Research Office, College of Information Science and Engineering

Speaker: Prof. Jiantao Zhou, Faculty of Science and Technology, University of Macau

Time: December 22, 2020, 10:00 AM

Venue: College of Information Science and Engineering, Room 624

 

Abstract: Deep neural networks (DNNs) have been shown to be vulnerable to adversarial examples (AEs), which are maliciously designed to cause dramatic model output errors. In this work, we find that normal examples (NEs) are insensitive to the fluctuations occurring at the highly-curved region of the decision boundary, while AEs typically designed over one single domain (mostly spatial domain) exhibit exorbitant sensitivity on such fluctuations. By exploiting the sensitivity inconsistency between NEs and AEs, we propose a simple yet effective method for detecting AEs. Compared with the state-of-the-art algorithms based on Local Intrinsic Dimensionality (LID), Mahalanobis Distance (MD), and Feature Squeezing (FS), we observe improved detection performance and superior generalization capabilities, especially in the challenging cases where the perturbation levels are small. Experimental results on ResNet and VGG validate the superiority of the proposed method.

 

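Speaker bio: Dr. Jiantao Zhou is an Associate Professor in the Department of Computer and Information Science, Faculty of Science and Technology, University of Macau, Interim Head of the Centre for Artificial Intelligence and Robotics, and a core member of the Urban Big Data and Intelligent Technology research group of the State Key Laboratory of Internet of Things for Smart City. He was selected for the fifth batch of the national Young Thousand Talents Program. He received his Ph.D. from the Department of Electronic and Computer Engineering, Hong Kong University of Science and Technology, in 2009. He visited the University of Illinois at Urbana-Champaign as a Fulbright junior scholar. For many years he has worked on multimedia forensics and security, image processing, computer vision, and machine learning. He has published more than 140 papers in top international journals and conferences, including IEEE Trans. Image Processing, IEEE Trans. Signal Processing, IEEE Trans. Information Forensics and Security, IEEE CVPR, and ACM Multimedia. Since November 2018 he has served as an Associate Editor of IEEE Trans. Image Processing (impact factor 9.34), a top journal in image processing. His research in image processing has been recognized by international peers, and he received the IEEE ICME Best Paper Award (2016, 2020).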


Host:

Contact: