Abstract
Keyless entry systems in cars are adopting neural networks for localizing its operators. Using test-time adversarial defences equip such systems with the ability to defend against adversarial attacks without prior training on adversarial samples. We propose a test-time adversarial example detector which detects the input adversarial example through quantifying the localized intermediate responses of a pre-trained neural network and confidence scores of an auxiliary softmax layer. Furthermore, in order to make the network robust, we extenuate the non-relevant features by non-iterative input sample clipping. Using our approach, mean performance over 15 levels of adversarial perturbations is increased by 53.3% for the fast gradient sign method and 60.9% for both the basic iterative method and the projected gradient method when compared to adversarial training.
| Original language | English |
|---|---|
| Title of host publication | 31st European Signal Processing Conference, EUSIPCO 2023 - Proceedings |
| Pages | 1365-1369 |
| Number of pages | 5 |
| ISBN (Electronic) | 9789464593600 |
| DOIs | |
| Publication status | Published - 2023 |
| Event | 31st European Signal Processing Conference: EUSIPCO 2023 - Helsinki, Finland Duration: 4 Sept 2023 → 8 Sept 2023 |
Conference
| Conference | 31st European Signal Processing Conference |
|---|---|
| Country/Territory | Finland |
| City | Helsinki |
| Period | 4/09/23 → 8/09/23 |
Keywords
- channel impulse response
- human localization
- Test time adversarial robustness
- ultra wideband (UWB) sensors
ASJC Scopus subject areas
- Signal Processing
- Electrical and Electronic Engineering