Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems
Automatic Control and Computer Sciences, Pub Date: 2024-02-29, DOI: 10.3103/s0146411623080072
M. O. Kalinin, A. F. Suprun, O. D. Ivanova

Abstract

The existing methods for detecting evasion attacks on machine learning systems are analyzed, and an experimental comparison of the methods is carried out. The uncertainty method is universal; however, with this method it is difficult to determine uncertainty boundaries for adversarial examples that would enable the precise identification of evasion attacks, which results in lower efficiency parameters with respect to the skip gradient method (SGM) attack, maps of significance (MS) attack, and boundary attack (BA) compared to the other methods. A new hybrid method is developed, consisting of two-stage input data verification complemented with preliminary processing. In the new method, the uncertainty boundary for adversarial objects becomes distinguishable and quickly computable. The hybrid method makes it possible to detect out-of-distribution (OOD) evasion attacks with a precision of not less than 80%, and SGM, MS, and BA attacks with a precision of 93%.




Updated: 2024-03-01