defense 2025

A Statistical Method for Attack-Agnostic Adversarial Attack Detection with Compressive Sensing Comparison

Chinthana Wimalasuriya, Spyros Tragoudas

0 citations · 19 references · arXiv


Published on arXiv

2510.02707

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

Achieves near-perfect adversarial detection across five diverse attack types (FGSM, PGD, Square, DeepFool, CW) while significantly reducing false positives compared to state-of-the-art detectors.


Adversarial attacks present a significant threat to modern machine learning systems. Yet, existing detection methods often lack the ability to detect unseen attacks or detect different attack types with a high level of accuracy. In this work, we propose a statistical approach that establishes a detection baseline before a neural network's deployment, enabling effective real-time adversarial detection. We generate a metric of adversarial presence by comparing the behavior of a compressed/uncompressed neural network pair. Our method has been tested against state-of-the-art techniques, and it achieves near-perfect detection across a wide range of attack types. Moreover, it significantly reduces false positives, making it both reliable and practical for real-world applications.


Key Contributions

  • Attack-agnostic adversarial detection method that requires no prior knowledge of attack type by comparing feature-layer distributions of a compressed/uncompressed CNN pair
  • A pre-deployment calibration procedure to establish per-class identity baselines and a runtime threshold T derived from KL divergence, L2 norm, and Mann-Whitney U statistics
  • Near-perfect detection across FGSM, PGD, Square Attack, DeepFool, and CW attacks with significantly reduced false positives compared to existing methods
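The calibrate-then-threshold pipeline described in the contributions, as an added illustration that is not the authors' code: the three statistics named on the page (KL divergence of feature histograms, L2 norm, Mann-Whitney U) are computed between the feature vectors of an uncompressed model and its compressed twin, a per-class baseline is fitted on clean data before deployment, and at runtime a sample is flagged when it deviates from that baseline. Everything about the models and data is a stand-in: "compression" is 2-bit activation rounding, the feature extractor is replaced by constructed class templates plus noise, the adversarial case is constructed so that the uncompressed features drift toward another class while the compressed copy does not, the per-metric z-score with T = 3 is an assumed way of combining the three statistics (the paper does not state its combination rule on this page), and the class label used to select a baseline is assumed to be the uncompressed model's prediction.

```python
"""Toy compressed/uncompressed-pair adversarial detector (illustration, not the paper's code)."""
import math
import random
from statistics import mean, pstdev

BINS = 8          # histogram resolution for the KL term
T = 3.0           # assumed runtime threshold on the max per-metric z-score


def histogram(values, bins=BINS, lo=0.0, hi=1.0):
    """Bin activations in [lo, hi] into a smoothed probability vector."""
    counts = [0] * bins
    width = (hi - lo) / bins
    for v in values:
        counts[min(bins - 1, max(0, int((v - lo) / width)))] += 1
    eps = 1e-6  # smoothing keeps log(p/q) finite for empty bins
    total = len(values) + eps * bins
    return [(c + eps) / total for c in counts]


def kl_divergence(p, q):
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q))


def l2_norm(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def mann_whitney_u(a, b):
    """U statistic (ties count 1/2) as a symmetric effect size in [0.5, 1]; 0.5 = indistinguishable."""
    u_a = sum(1.0 if x > y else 0.5 if x == y else 0.0 for x in a for y in b)
    n = len(a) * len(b)
    return max(u_a, n - u_a) / n


def metrics(feat_full, feat_compressed):
    return (kl_divergence(histogram(feat_full), histogram(feat_compressed)),
            l2_norm(feat_full, feat_compressed),
            mann_whitney_u(feat_full, feat_compressed))


def calibrate(clean_pairs):
    """Pre-deployment step: per-class (mean, std) of each metric on clean (label, full, compressed) rows."""
    per_class = {}
    for label, full, comp in clean_pairs:
        per_class.setdefault(label, []).append(metrics(full, comp))
    baseline = {}
    for label, rows in per_class.items():
        # floor on std is an assumption to avoid division blow-up on tiny calibration sets
        baseline[label] = [(mean(col), max(pstdev(col), 1e-3)) for col in zip(*rows)]
    return baseline


def anomaly_score(baseline, label, feat_full, feat_compressed):
    """Largest z-score of the three metrics against the class baseline (assumed combination rule)."""
    return max((m - mu) / sd
               for m, (mu, sd) in zip(metrics(feat_full, feat_compressed), baseline[label]))


def is_adversarial(baseline, label, feat_full, feat_compressed, threshold=T):
    return anomaly_score(baseline, label, feat_full, feat_compressed) > threshold


def quantize(features, levels=4):
    """Stand-in for model compression: 2-bit activation rounding (assumption)."""
    return [round(v * levels) / levels for v in features]


def make_dataset(seed=7, dim=32, classes=3, per_class=12, noise=0.02):
    """Constructed data: class templates + noise stand in for a CNN's feature layer."""
    rng = random.Random(seed)
    clip = lambda v: min(1.0, max(0.0, v))
    templates = [[rng.random() for _ in range(dim)] for _ in range(classes)]
    clean, adversarial = [], []
    for label, tmpl in enumerate(templates):
        for _ in range(per_class):
            full = [clip(v + rng.gauss(0, noise)) for v in tmpl]
            clean.append((label, full, quantize(full)))
        # Constructed adversarial case: uncompressed features drift 30% toward another class,
        # while the compressed copy is assumed not to follow the perturbation.
        other = templates[(label + 1) % classes]
        for _ in range(per_class // 3):
            drifted = [clip(0.7 * a + 0.3 * b + rng.gauss(0, noise)) for a, b in zip(tmpl, other)]
            base = [clip(v + rng.gauss(0, noise)) for v in tmpl]
            adversarial.append((label, drifted, quantize(base)))
    return clean, adversarial


def run_demo():
    """Returns (detected, n_adversarial, false_positives, n_clean_heldout)."""
    clean, adversarial = make_dataset()
    calib = [row for i, row in enumerate(clean) if i % 2 == 0]
    heldout = [row for i, row in enumerate(clean) if i % 2 == 1]
    baseline = calibrate(calib)
    detected = sum(is_adversarial(baseline, *row) for row in adversarial)
    false_pos = sum(is_adversarial(baseline, *row) for row in heldout)
    return detected, len(adversarial), false_pos, len(heldout)


if __name__ == "__main__":
    print("detected %d/%d adversarial, %d/%d clean flagged" % run_demo())
```

Only six calibration samples per class are used here, so the baselines are noisy and the false-positive count on the held-out clean rows says nothing about the real detector; in practice T and the per-class statistics would be fitted on a held-out clean set of realistic size, and the uncompressed model's predicted class would select the baseline at inference time.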

🛡️ Threat Analysis

Input Manipulation Attack

The paper directly defends against input manipulation attacks (adversarial examples) by detecting adversarially perturbed inputs at inference time; it is evaluated against FGSM, PGD, Square Attack, DeepFool, and CW — all canonical adversarial example attacks.


Details

Domains
vision
Model Types
cnn
Threat Tags
white_box, black_box, inference_time, untargeted, digital
Applications
image classification