Publication Type
Conference Paper
Journal Name
Lecture Notes in Computer Science
Publication Date
Page Numbers
277 to 292
Volume
10723
Conference Name
International Symposium on Foundations and Practice of Security (FPS 2017)
Conference Location
Nancy, France
Conference Sponsor
CNRS
Conference Date
-
Abstract
The paper presents a new defense against adversarial attacks for deep neural networks. We demonstrate the effectiveness of our approach against the popular adversarial image generation method DeepFool. Our approach uses Wald’s Sequential Probability Ratio Test to sufficiently sample a carefully chosen neighborhood around an input image to determine the correct label of the image. On a benchmark of 50,000 randomly chosen adversarial images generated by DeepFool we demonstrate that our method SATYA is able to recover the correct labels for 95.76% of the images for CaffeNet and 97.43% of the correct label for GoogLeNet.