Adversarial Examples Identification in an End-to-End System With Image Transformation and Filters

Deep learning has been receiving great attention in recent years because of its impressive performance in many tasks. However, the widespread adoption of deep learning also becomes a major security risk for those systems as recent researches have pointed out the vulnerabilities of deep learning models. And one of the security issues related to deep learning models is adversarial examples that are an instance with very small, intentional feature perturbations that cause a machine learning model to make a wrong prediction. There have been many proposed defensive methods to combat or detect adversarial examples but still not perfect, powerful and still need a lot of fine-tuning in the process of installing security systems. In this work, we introduce a completely automated method of identifying adversarial examples by using image transformation and filter techniques in an end-to-end system. By exploring the adversarial features that are sensitive to geometry and frequency, we integrate the geometric transformation and denoising based on the frequency domain for identifying adversarial examples. Our proposed detection system is evaluated on popular data sets such as ImageNet or MNIST and gives accurate results up to 99.9 & x0025; with many optimizations.