Detect Adversarial Examples with Exchangeability Martingale

Genghua Dong, Roman Bresson, Henrik Boström
Proceedings of the Fourteenth Symposium on Conformal and Probabilistic Prediction with Applications, PMLR 266:758-761, 2025.

Abstract

Adversarial examples (AEs) are raw examples perturbed in a way that is imperceptible to humans yet misleads DNNs into an incorrect prediction. When present in a sequence of examples, AEs disrupt the assumption of exchangeability that examples are drawn i.i.d. from a fixed time-invariant distribution. In this paper, we propose an efficient method for AE detection in image sequences based on conformal test martingales constructed from example embeddings. To improve the sensitivity of AE detection, we further augment embeddings with gradient-based attention and local intrinsic dimension (LID) modulation. Our study demonstrates the high efficiency of detecting AEs generated by FGSM, PGD, and CW methods under different hyperparameter settings.
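The detection idea in the abstract can be sketched as follows; this is an added example, not code from the paper or its authors. Assumptions: the nonconformity score is the Euclidean distance of an embedding to the centroid of a clean reference set, the betting function is the power martingale $\varepsilon p^{\varepsilon-1}$, and the embeddings are constructed Gaussian vectors; the paper's gradient-based attention and LID modulation are not modeled.

```python
import math
import random

def centroid(vectors):
    """Mean of a clean reference set; it fixes the score function."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def nonconformity(embedding, center):
    """Assumed score: Euclidean distance to the clean centroid."""
    return math.dist(embedding, center)

def detect(stream, center, epsilon=0.8, delta=1e-3, seed=0):
    """Power conformal test martingale over a stream of embeddings.

    Returns (alarm_index, log_path). By Ville's inequality the alarm fires
    with probability at most delta while the stream stays exchangeable.
    """
    rng = random.Random(seed)
    scores, log_m, log_path, alarm = [], 0.0, [], None
    for n, emb in enumerate(stream):
        a = nonconformity(emb, center)
        scores.append(a)
        greater = sum(s > a for s in scores)
        equal = sum(s == a for s in scores)      # counts the new example too
        theta = 1.0 - rng.random()               # in (0, 1], so p > 0
        p = (greater + theta * equal) / len(scores)  # smoothed conformal p-value
        log_m += math.log(epsilon) + (epsilon - 1.0) * math.log(p)
        log_path.append(log_m)
        if alarm is None and log_m >= math.log(1.0 / delta):
            alarm = n
    return alarm, log_path

def constructed_embeddings(count, shift, dim=8, seed=0):
    """Synthetic stand-in for DNN embeddings: unit Gaussians around `shift`."""
    rng = random.Random(seed)
    return [[rng.gauss(shift, 1.0) for _ in range(dim)] for _ in range(count)]

if __name__ == "__main__":
    center = centroid(constructed_embeddings(200, 0.0, seed=1))
    clean = constructed_embeddings(100, 0.0, seed=2)
    shifted = constructed_embeddings(100, 3.0, seed=3)   # plays the role of AEs
    alarm, path = detect(clean + shifted, center)
    print("first shifted index: 100, alarm index:", alarm)
    print("log-martingale at end:", round(path[-1], 2))
```

While the stream is exchangeable the p-values are uniform and the log-martingale drifts slightly downward; once shifted embeddings arrive, their p-values concentrate near zero and the martingale grows until it crosses $1/\delta$.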

Cite this Paper

BibTeX
@InProceedings{pmlr-v266-dong25a,
  title = {Detect Adversarial Examples with Exchangeability Martingale},
  author = {Dong, Genghua and Bresson, Roman and Bostr\"{o}m, Henrik},
  booktitle = {Proceedings of the Fourteenth Symposium on Conformal and Probabilistic Prediction with Applications},
  pages = {758--761},
  year = {2025},
  editor = {Nguyen, Khuong An and Luo, Zhiyuan and Papadopoulos, Harris and Löfström, Tuwe and Carlsson, Lars and Boström, Henrik},
  volume = {266},
  series = {Proceedings of Machine Learning Research},
  month = {10--12 Sep},
  publisher = {PMLR},
  pdf = {https://raw.githubusercontent.com/mlresearch/v266/main/assets/dong25a/dong25a.pdf},
  url = {https://proceedings.mlr.press/v266/dong25a.html},
  abstract = {Adversarial examples (AEs) are raw examples perturbed in a way that is indistinguishable by humans, misleading DNNs into an incorrect prediction. When present in a sequence of examples, AEs disrupt the assumption of exchangeability that examples are drawn i.i.d. from a fixed time-invariant distribution. In this paper, we propose an efficient method for AEs detection in image sequences based on conformal test martingales constructed from example embeddings. To improve the sensitivity of AEs detection, we further augment embeddings with gradient-based attention and local intrinsic dimension (LID) modulation. Our study demonstrates the high efficiency of detecting AEs generated by FGSM, PGD, and CW methods under different hyperparameter settings.}
}