Adversarial and Clean Data Are Not Twins

Adversarial attack has cast a shadow on the massive success of deep neural networks. Despite being almost visually identical to the clean data, the adversarial images can fool deep neural networks into the wrong predictions with very high confidence. Adversarial training, as the most prevailing defense technique, suffers from class-wise unfairness and model-dependent challenges. In this paper, we propose to detect and eliminate adversarial data in databases prior to data processing in supporting robust and secure AI workloads. We empirically show that we can build a binary classifier separating the adversarial apart from the clean data with high accuracy. We also show that the binary classifier is robust to a…