Detecting adversarial examples using image reconstruction differences

The adversarial examples (AEs) cause misjudgments and damage the robustness of the DNNs systems. Previous studies have defended against AEs by detecting, but it is challenging to ensure a stable and high performance of detecting AEs, while with a poor false detection. To this end, an AEs detection method named image reconstruction differences (IRD) is proposed to enhance the robustness of DNNs. Firstly, we use an end-to-end Com-Rec network to reconstruct examples with feature compression to expand the distinguishing features. Secondly, propose an image reconstruction differences based on information-theoretic VIF, structural information UQI and spectral information RASE composition to discriminate AEs. Moreover, we introduce the idea of integrated learning to form a strong random forest binary classifier to enhance the performance of detecting AEs. We further validate it through extensive experiments on the MNIST and CIFAR-10 datasets. These experiments demonstrated that the IRD effectively detected AEs and achieved a high average accuracy of 98.33%. Specifically it also performs favorably against the following methods based on Feature Squeezing, Local Intrinsic Dimensionality, Kernel Density and Network Invariance Checking with an average detection rate of 99.54% and a 1.44% average false positive rate.