A Label-based Approach for Automatic Identifying Adversarial Examples with Image Transformation

Besides extraordinary results that deep neural networks are widely deployed in many fields such as computer vision, speech recognition, and natural language processing, in recent years deep neural networks have been recognized vulnerable to intentional modification of legitimate inputs called adversarial examples. These patterns are almost indistinguishable from AI models and human perception. Adversarial examples' concern is rising dramatically and is attracted by many research's apprehensiveness because of its tremendous impact. Unfortunately, until now there is none of the defenses has been shown to be very effective. In this paper, we introduce a new defense strategy against adversarial examples by using a label-based end-to-end system. Our proposed defense system can mostly distinguish adversarial samples and benign images without human intervention. We exploit the important role of spatial domain in adversarial attacks and proposing a state-of-the-art method for detecting adversarial examples based on our observation. We evaluate our system's performance on a variety of standard benchmark datasets including MNIST and ImageNet. Our proposed method reached out detection rates in a range from 94.6% to 99.2% in many settings.