Abstract
Keyless entry systems in cars are adopting neural networks for localizing its operators. Using test-time adversarial defences equip such systems with the ability to defend against adversarial attacks without prior training on adversarial samples. We propose a test-time adversarial example detector which detects the input adversarial example through quantifying the localized intermediate responses of a pre-trained neural network and confidence scores of an auxiliary softmax layer. Furthermore, in order to make the network robust, we extenuate the non-relevant features by non-iterative input sample clipping. Using our approach, mean performance over 15 levels of adversarial perturbations is increased by 53.3% for the fast gradient sign method and 60.9% for both the basic iterative method and the projected gradient method when compared to adversarial training.
| Originalsprache | englisch |
|---|---|
| Titel | 31st European Signal Processing Conference, EUSIPCO 2023 - Proceedings |
| Seiten | 1365-1369 |
| Seitenumfang | 5 |
| ISBN (elektronisch) | 9789464593600 |
| DOIs | |
| Publikationsstatus | Veröffentlicht - 2023 |
| Veranstaltung | 31st European Signal Processing Conference: EUSIPCO 2023 - Helsinki, Finnland Dauer: 4 Sept. 2023 → 8 Sept. 2023 |
Konferenz
| Konferenz | 31st European Signal Processing Conference |
|---|---|
| Land/Gebiet | Finnland |
| Ort | Helsinki |
| Zeitraum | 4/09/23 → 8/09/23 |
ASJC Scopus subject areas
- Signalverarbeitung
- Elektrotechnik und Elektronik