THE HYBRID METHOD FOR EVASION ATTACKS DETECTION IN THE MACHINE LEARNING SYSTEMS

Machine learning and knowledge control systems
Abstract:

Existing methods for detecting evasion attacks on machine learning systems are analyzed and
compared experimentally. The Uncertainty method is the most universal one, but it detects SGM, MS
and BA evasion attacks less accurately than the other methods, and it is difficult to choose an
uncertainty boundary for adversarial samples that would allow more accurate detection of evasions.
A new hybrid method is proposed and discussed: a two-stage verification of input data,
supplemented by input data pre-processing. In the proposed method, the uncertainty threshold
for adversarial samples is distinct and quickly computable. The hybrid method detects
OOD attacks with 80% accuracy, and SGM, MS and BA attacks with 93% accuracy.