View Item 
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        •   Utrecht University Student Theses Repository Home
        • UU Theses Repository
        • Theses
        • View Item
        JavaScript is disabled for your browser. Some features of this site may not work without it.

        Browse

        All of UU Student Theses RepositoryBy Issue DateAuthorsTitlesSubjectsThis CollectionBy Issue DateAuthorsTitlesSubjects

        Enhancing Adversarial Detection for Multi-Type Attacks through Globalized and Localized Features

        Thumbnail
        View/Open
        Thesis - Adversarial detection - Ian van de Poll .pdf (39.70Mb)
        Publication date
        2025
        Author
        Poll, Ian van de
        Metadata
        Show full item record
        Summary
        Adversarial attacks pose a serious threat to the use of deep learning in computer vision. This thesis addresses two primary questions: whether a single detection method can effectively handle multiple types of adversarial attacks, and whether combining global and localised features enhances the detection of adversarial attacks. The proposed method integrates a ResNet-18-based global branch with a local branch, using local patches with a shallow CNN, along with a fusion branch that combines both representations to make a more fine-grained prediction. We perform experiments using DPatch (a localised attack) and PGD (a global gradient-based attack) to evaluate how each component contributes to detection performance. Our results demonstrate that ResNet-18 already serves as a strong baseline for detecting adversarial attacks. Using explainable AI techniques, we observed that the model focuses on local patches for its decision-making. Global attacks are more challenging to explain using xAI, so we conducted a deeper analysis. This demonstrated that the global branch learns highfrequency patterns to distinguish between clean and adversarial examples. When adversarial noise resembles adversarial attacks, the model becomes more brittle and misclassifies these hard-negative cases, indicating that adversarial detection methods should incorporate and utilise non-adversarial examples as a robustness test. The use of cross-entropy was found to be not expressive enough in forming meaningful features in the latent space of the convolution layers. It suggests that the model may learn shortcuts or memorization. The use of contrastive learning emphasises an adversarial detector to learn these important features. We also demonstrated that the local branch can effectively detect attacks using only small patches of the image, showing that neural networks can classify adversarial examples with limited input. Since patch-wise detection is not widely studied in the literature, we conducted an ablation study focusing on the number of patches, patch size, and the aggregation function. The key finding is that self-attention significantly improves the local branch’s performance, surpassing the benefits of increasing the patch size or number of patches during the extraction of local patches from the input image. Accuracy-wise, the local branch can compete with the global ResNet approach, achieving an overall accuracy of 81%. The fusion of global and local features resulted in improved overall detection accuracy, increasing from 81% with ResNet-18 to 91%. It did not lead to more discriminative features, especially for global attacks in combination with hard-negative examples of non-adversarial noise. All branches performed well on localised attacks. These findings suggest that combining global and local feature extraction is a promising direction for adversarial detection; however, further research on global gradient-based attacks is needed to understand the limitations of this approach better.
        URI
        https://studenttheses.uu.nl/handle/20.500.12932/50490
        Collections
        • Theses

        Related items

        Showing items related by title, author, creator and subject.

        • From Local Staple to Global Commodity: Assessing the Impacts of the Growing Global Demand for Quinoa on Bolivian Farmers’ Livelihoods with Special Reference to their Food Security 

          Ensor, Y.P. (2015)
          The choice of quinoa, as the focus of field research, came about as a result of articles appearing in the western media. Many of them reported that the growers of the Bolivian Altiplano were becoming impoverished and ...
        • Eat local, think global? The role of local food production chains in the Netherlands in achieving sustainability through environmental awareness, attitude and behaviour. 

          Pleeging, E. (2013)
          Abstract This Bachelorthesis examines the role of local food production chains as a successful process in achieving sustainability through knowledge, awareness, attitude and behaviour. First of all, sustainable consumption ...
        • Local Ownership and Poverty Reduction of Local Communities in the Global South- Perceived From a Postcolonial Perspective The Case of Malian Small Scale Development Projects 

          Eitjes, Quinten (2022)
          Development “aid” has in the last decades been rephrased into development “cooperation”, with a focus on the collaboration of the donor on the one side and the “ones to be helped” on the other (Di Ciommo, 2014). Among the ...
        Utrecht university logo