Presentation

AdvHunter: Detecting Adversarial Perturbations in Black-Box Neural Networks through Hardware Performance Counters
Description

The paper introduces AdvHunter, a novel strategy for detecting adversarial examples (AEs) in Deep Neural Networks (DNNs). AdvHunter operates effectively in practical black-box scenarios, where only hard-label query access is available, a situation often encountered with proprietary DNNs. This differentiates it from existing defenses, which usually rely on white-box access or need to be integrated during the training phase, requirements that are often not feasible with proprietary DNNs. AdvHunter works by monitoring data-flow dynamics within the computational environment during the inference phase of DNNs. It uses Hardware Performance Counters to monitor microarchitectural activity and applies Gaussian Mixture Models to detect AEs. Extensive evaluation across various datasets, DNN architectures, and adversarial perturbations demonstrates the effectiveness of AdvHunter.
Event Type
Research Manuscript
Time
Wednesday, June 26, 4:15pm - 4:30pm PDT
Location
3002, 3rd Floor
Topics
AI
Security
Keywords
AI/ML Security/Privacy