AED-PADA:Improving Generalizability of Adversarial Example Detection via Principal Adversarial Domain Adaptation
arxiv(2024)
摘要
Adversarial example detection, which can be conveniently applied in many
scenarios, is important in the area of adversarial defense. Unfortunately,
existing detection methods suffer from poor generalization performance, because
their training process usually relies on the examples generated from a single
known adversarial attack and there exists a large discrepancy between the
training and unseen testing adversarial examples. To address this issue, we
propose a novel method, named Adversarial Example Detection via Principal
Adversarial Domain Adaptation (AED-PADA). Specifically, our approach identifies
the Principal Adversarial Domains (PADs), i.e., a combination of features of
the adversarial examples from different attacks, which possesses large coverage
of the entire adversarial feature space. Then, we pioneer to exploit
multi-source domain adaptation in adversarial example detection with PADs as
source domains. Experiments demonstrate the superior generalization ability of
our proposed AED-PADA. Note that this superiority is particularly achieved in
challenging scenarios characterized by employing the minimal magnitude
constraint for the perturbations.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要