Shiqing Ma (Purdue University), Yingqi Liu (Purdue University), Guanhong Tao (Purdue University), Wen-Chuan Lee (Purdue University), Xiangyu Zhang (Purdue University)

Deep Neural Networks (DNN) are vulnerable to adversarial samples that
are generated by perturbing correctly classified inputs to cause DNN
models to misbehave (e.g., misclassification). This can potentially
lead to disastrous consequences especially in security-sensitive
applications. Existing defense and detection techniques work well for
specific attacks under various assumptions (e.g., the set of possible
attacks are known beforehand). However, they are not sufficiently
general to protect against a broader range of attacks. In this paper,
we analyze the internals of DNN models under various attacks and
identify two common exploitation channels: the provenance channel and
the activation value distribution channel. We then propose a novel
technique to extract DNN invariants and use them to perform runtime
adversarial sample detection. Our experimental results of 11 different
kinds of attacks on popular datasets including ImageNet and 13 models
show that our technique can effectively detect all these attacks
(over 90% accuracy) with limited false positives. We also compare it
with three state-of-the-art techniques including the Local Intrinsic
Dimensionality (LID) based method, denoiser based methods (i.e.,
MagNet and HGD), and the prediction inconsistency based approach
(i.e., feature squeezing). Our experiments show promising results.

View More Papers

Oligo-Snoop: A Non-Invasive Side Channel Attack Against DNA Synthesis...

Sina Faezi (University of California, Irvine), Sujit Rokka Chhetri (University of California, Irvine), Arnav Vaibhav Malawade (University of California, Irvine), John Charles Chaput (University of California, Irvine), William Grover (University of California, Riverside), Philip Brisk (University of California, Riverside), Mohammad Abdullah Al Faruque (University of California, Irvine)

Read More

YODA: Enabling computationally intensive contracts on blockchains with Byzantine...

Sourav Das (Department of Computer Science and Engineering, Indian Institute of Technology Delhi), Vinay Joseph Ribeiro (Department of Computer Science and Engineering, Indian Institute of Technology Delhi), Abhijeet Anand (Department of Computer Science and Engineering, Indian Institute of Technology Delhi)

Read More

Total Recall: Persistence of Passwords in Android

Jaeho Lee (Rice University), Ang Chen (Rice University), Dan S. Wallach (Rice University)

Read More

DroidCap: OS Support for Capability-based Permissions in Android

Abdallah Dawoud (CISPA Helmholtz Center i.G.), Sven Bugiel (CISPA Helmholtz Center i.G.)

Read More