Anomaly detection of adversarial examples using class-conditional generative adversarial networks

Deep neural networks (DNNs) have been shown vulnerable to Test-Time Evasion attacks (TTEs, or adver-sarial examples), which, by making small changes to the input, alter the DNN's decision. We propose an unsupervised attack detector for DNN classifiers based on class-conditional Generative Adversarial Net-works (GANs). We model the distribution of clean data conditioned on the predicted class label by an Auxiliary Classifier GAN (AC-GAN). Given a test sample and its predicted class, three detection statis-tics are calculated based on the AC-GAN generator and discriminator. Experiments on image classifica-tion datasets under various TTE attacks show that our method outperforms previous detection methods. We also investigate the effectiveness of anomaly detection using different DNN layers (input features or internal-layer features) and demonstrate, as one might expect, that anomalies are harder to detect us-ing features closer to the DNN's output layer. Finally, our approach is also investigated for more general out-of-distribution detection.(c) 2022 Elsevier Ltd. All rights reserved.