Deep Learning Based Adversarial Images Detection

  • Haiyan Liu
  • Wenmei Li
  • Zhuangzhuang Li
  • Yu Wang
  • Guan Gui
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 301)


The threat of attacks against deep learning based networks is steadily growing in computer vision. Adversarial examples, or adversarial images, are produced by intentionally applying a slight perturbation that a human does not notice but that can confuse a deep learning based classifier. To enhance the robustness of image classifiers, we propose several deep learning based algorithms (i.e., CNN-SVM, CNN-KNN, CNN-RF) to detect adversarial images. To make better use of multi-layer features, an ensemble model based on the features of two layers generated by the CNN is applied to detect adversarial examples. Accuracy, detection probability, false alarm probability and miss probability are used to evaluate the proposed algorithms. The results show that the ensemble model based on SVM achieves the best performance (i.e., 94.5%) among the compared methods on the remote sensing image test dataset.


Adversarial detection; Deep learning; Ensemble model; Support vector machine (SVM); K-nearest neighbors (KNN); Random forest (RF)
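The following is an added example, not code from the paper: a CNN-KNN style detector applied to features from two layers, alone and as an ensemble, and scored with the four metrics the abstract names. The feature vectors are constructed stand-ins for CNN activations, the score-averaging fusion rule is an assumption (the abstract does not say how the two layers are combined), and the rates use the standard detection-theory definitions.

```python
import math

# Constructed stand-ins for CNN activations taken at two layers (A and B).
# Each training entry is (feature_vector, label); 1 = adversarial, 0 = clean.
TRAIN_A = [((0, 0), 0), ((0, 1), 0), ((1, 0), 0), ((3, 3), 1), ((3, 2), 1), ((2, 3), 1)]
TRAIN_B = [((0, 0), 0), ((0, 2), 0), ((2, 0), 0), ((6, 6), 1), ((6, 4), 1), ((4, 6), 1)]

# Constructed test set: (layer-A features, layer-B features, true label).
TEST = [
    ((0.2, 0.1), (0.5, 0.3), 0),
    ((1.4, 1.4), (0.5, 0.3), 0),
    ((0.2, 0.1), (2.8, 2.8), 0),
    ((1.6, 1.6), (3.2, 3.2), 0),   # clean image that sits near adversarial features
    ((2.8, 2.9), (5.5, 5.7), 1),
    ((1.4, 1.4), (5.5, 5.7), 1),   # looks clean at layer A only
    ((2.8, 2.9), (2.8, 2.8), 1),   # looks clean at layer B only
    ((1.4, 1.4), (2.8, 2.8), 1),   # looks clean at both layers
]

def knn_score(train, query, k=3):
    """Fraction of the k nearest training vectors that are adversarial."""
    nearest = sorted(train, key=lambda item: math.dist(item[0], query))[:k]
    return sum(label for _, label in nearest) / k

def predict(feat_a, feat_b, layers="ab", threshold=0.5):
    """Average the KNN scores of the chosen layers (assumed fusion rule)."""
    scores = []
    if "a" in layers:
        scores.append(knn_score(TRAIN_A, feat_a))
    if "b" in layers:
        scores.append(knn_score(TRAIN_B, feat_b))
    return int(sum(scores) / len(scores) > threshold)

def evaluate(layers="ab"):
    """Accuracy plus the three detection-theory rates over TEST."""
    pairs = [(y, predict(a, b, layers)) for a, b, y in TEST]
    tp = sum(y == 1 and p == 1 for y, p in pairs)
    fn = sum(y == 1 and p == 0 for y, p in pairs)
    fp = sum(y == 0 and p == 1 for y, p in pairs)
    tn = sum(y == 0 and p == 0 for y, p in pairs)
    return {"accuracy": (tp + tn) / len(pairs), "p_detect": tp / (tp + fn),
            "p_false_alarm": fp / (fp + tn), "p_miss": fn / (tp + fn)}

if __name__ == "__main__":
    for layers in ("a", "b", "ab"):
        print(layers, evaluate(layers))
```

On this constructed data each single layer misses two of the four adversarial samples, while the two-layer ensemble misses one; miss probability is always one minus detection probability.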



Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019

Authors and Affiliations

  • Haiyan Liu (1)
  • Wenmei Li (1, 2)
  • Zhuangzhuang Li (1)
  • Yu Wang (1)
  • Guan Gui (1)
  1. College of Telecommunications and Information Engineering, Nanjing University of Posts and Telecommunications, Nanjing, China
  2. School of Geographic and Biologic Information, Nanjing University of Posts and Telecommunications, Nanjing, China
