Machine learning techniques are immensely deployed in both industry and academy. Recent studies indicate that machine learning models used for classification tasks are vulnerable to adversarial examples, which limits the usage of applications in the fields with high precision requirements. We propose a new approach called Feature Map Denoising to detect the adversarial inputs and show the performance of detection on the mixed dataset consisting of adversarial examples generated by different attack algorithms, which can be used to associate with any pre-trained DNNs at a low cost. Wiener filter is also introduced as the denoise algorithm to the defense model, which can further improve performance. Experimental results indicate that good accuracy of detecting the adversarial examples can be achieved through our Feature Map Denoising algorithm.

中文翻译：

---

使用深度神经网络改进对抗性图像的检测

机器学习技术在工业界和学术界都得到了广泛应用。最近的研究表明，用于分类任务的机器学习模型容易受到对抗性示例的影响，这限制了应用程序在具有高精度要求的领域的使用。我们提出了一种称为 Feature Map Denoising 的新方法来检测对抗性输入，并在由不同攻击算法生成的对抗性示例组成的混合数据集上展示检测性能，该方法可用于以低成本与任何预训练的 DNN 相关联. 防御模型中还引入了维纳滤波器作为去噪算法，可以进一步提高性能。实验结果表明，通过我们的特征映射去噪算法，可以实现检测对抗样本的良好精度。