English

Gradient Similarity: An Explainable Approach to Detect Adversarial Attacks against Deep Learning

Computer Vision and Pattern Recognition 2018-06-29 v1 Cryptography and Security Machine Learning

Abstract

Deep neural networks are susceptible to small-but-specific adversarial perturbations capable of deceiving the network. This vulnerability can lead to potentially harmful consequences in security-critical applications. To address this vulnerability, we propose a novel metric called \emph{Gradient Similarity} that allows us to capture the influence of training data on test inputs. We show that \emph{Gradient Similarity} behaves differently for normal and adversarial inputs, and enables us to detect a variety of adversarial attacks with a near perfect ROC-AUC of 95-100\%. Even white-box adversaries equipped with perfect knowledge of the system cannot bypass our detector easily. On the MNIST dataset, white-box attacks are either detected with a high ROC-AUC of 87-96\%, or require very high distortion to bypass our detector.

Keywords

Cite

@article{arxiv.1806.10707,
  title  = {Gradient Similarity: An Explainable Approach to Detect Adversarial Attacks against Deep Learning},
  author = {Jasjeet Dhaliwal and Saurabh Shintre},
  journal= {arXiv preprint arXiv:1806.10707},
  year   = {2018}
}

Comments

11 pages, 6 figures

R2 v1 2026-06-23T02:44:11.246Z