CISPA

SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems

conference contribution
posted on 2023-11-29, 18:13 authored by Edward Chou, Florian Tramer, Giancarlo Pellegrino
SentiNet is a novel detection framework for localized universal attacks on neural networks. These attacks restrict adversarial noise to contiguous portions of an image and are reusable with different images—constraints that prove useful for generating physically-realizable attacks. Unlike most other works on adversarial detection, SentiNet does not require training a model or preknowledge of an attack prior to detection. Our approach is appealing due to the large number of possible mechanisms and attack-vectors that an attack-specific defense would have to consider. By leveraging the neural network’s susceptibility to attacks and by using techniques from model interpretability and object detection as detection mechanisms, SentiNet turns a weakness of a model into a strength. We demonstrate the effectiveness of SentiNet on three different attacks—i.e., data poisoning attacks, trojaned networks, and adversarial patches (including physically realizable attacks)—and show that our defense is able to achieve very competitive performance metrics for all three threats. Finally, we show that SentiNet is robust against strong adaptive adversaries, who build adversarial patches that specifically target the components of SentiNet’s architecture.

Preferred Citation

Edward Chou, Florian Tramer and Giancarlo Pellegrino. SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems. In: Deep Learning and Security Workshop (DLS) (DLS). 2020.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

Deep Learning and Security Workshop (DLS) (DLS)

Legacy Posted Date

2020-09-25

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3223,
  title = "SentiNet: Detecting Localized Universal Attack Against Deep Learning Systems",
  author = "Chou, Edward and Tramer, Florian and Pellegrino, Giancarlo",
  booktitle = "{Deep Learning and Security Workshop (DLS) (DLS)}",
  year = "2020",
}
