Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

UNICAD: A Unified Approach for Attack Detection, Noise Reduction and Novel Class Identification

Alvaro Lopez Pellicer, Kittipos Giatgong, Yi Li, Neeraj Suri, Plamen Angelov

TL;DR

UNICAD addresses the combined challenges of adversarial attacks and unseen classes in image classification by unifying attack detection, noise reduction, and novel class identification within a prototype-based, similarity-driven architecture. It introduces a layered design with a Feature Extraction Layer, Prototype Conditional Probability Layer, Global Decision Making Layer, Denoising Layer using a novel combined loss $\mathcal{L}_{\text{comb}}$, and an Attack Decision Making Layer to dynamically handle attacks and emerging classes. Key contributions include the prototype-based similarity framework, the embedded denoising autoencoder that preserves latent and pixel fidelity, and the ability to detect and incorporate new classes without full retraining, demonstrated on CIFAR-10 with backbones like VGG-16 and DINOv2. The results show strong robustness under FGSM, PGD, and C&W attacks, competitive unseen-class detection, and improved clean accuracy retention, signaling significant practical impact for secure and adaptable vision systems in dynamic environments where distribution shifts and adversarial threats occur. The work advances a practical path toward real-world deployment of unified defenses that balance accuracy, interpretability, and open-set adaptability.

Abstract

As the use of Deep Neural Networks (DNNs) becomes pervasive, their vulnerability to adversarial attacks and limitations in handling unseen classes poses significant challenges. The state-of-the-art offers discrete solutions aimed to tackle individual issues covering specific adversarial attack scenarios, classification or evolving learning. However, real-world systems need to be able to detect and recover from a wide range of adversarial attacks without sacrificing classification accuracy and to flexibly act in {\bf unseen} scenarios. In this paper, UNICAD, is proposed as a novel framework that integrates a variety of techniques to provide an adaptive solution. For the targeted image classification, UNICAD achieves accurate image classification, detects unseen classes, and recovers from adversarial attacks using Prototype and Similarity-based DNNs with denoising autoencoders. Our experiments performed on the CIFAR-10 dataset highlight UNICAD's effectiveness in adversarial mitigation and unseen class classification, outperforming traditional models.

UNICAD: A Unified Approach for Attack Detection, Noise Reduction and Novel Class Identification

TL;DR

UNICAD addresses the combined challenges of adversarial attacks and unseen classes in image classification by unifying attack detection, noise reduction, and novel class identification within a prototype-based, similarity-driven architecture. It introduces a layered design with a Feature Extraction Layer, Prototype Conditional Probability Layer, Global Decision Making Layer, Denoising Layer using a novel combined loss , and an Attack Decision Making Layer to dynamically handle attacks and emerging classes. Key contributions include the prototype-based similarity framework, the embedded denoising autoencoder that preserves latent and pixel fidelity, and the ability to detect and incorporate new classes without full retraining, demonstrated on CIFAR-10 with backbones like VGG-16 and DINOv2. The results show strong robustness under FGSM, PGD, and C&W attacks, competitive unseen-class detection, and improved clean accuracy retention, signaling significant practical impact for secure and adaptable vision systems in dynamic environments where distribution shifts and adversarial threats occur. The work advances a practical path toward real-world deployment of unified defenses that balance accuracy, interpretability, and open-set adaptability.

Abstract

As the use of Deep Neural Networks (DNNs) becomes pervasive, their vulnerability to adversarial attacks and limitations in handling unseen classes poses significant challenges. The state-of-the-art offers discrete solutions aimed to tackle individual issues covering specific adversarial attack scenarios, classification or evolving learning. However, real-world systems need to be able to detect and recover from a wide range of adversarial attacks without sacrificing classification accuracy and to flexibly act in {\bf unseen} scenarios. In this paper, UNICAD, is proposed as a novel framework that integrates a variety of techniques to provide an adaptive solution. For the targeted image classification, UNICAD achieves accurate image classification, detects unseen classes, and recovers from adversarial attacks using Prototype and Similarity-based DNNs with denoising autoencoders. Our experiments performed on the CIFAR-10 dataset highlight UNICAD's effectiveness in adversarial mitigation and unseen class classification, outperforming traditional models.
Paper Structure (16 sections, 13 equations, 3 figures, 3 tables)

This paper contains 16 sections, 13 equations, 3 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Adversarial Attacks in Image Domain
  4. Defences Against Adversarial Attacks
  5. Novel Class Identification Techniques
  6. Proposed UNICAD Architecture
  7. Feature Extraction Layer
  8. Prototype Conditional Probability Layer
  9. Global Decision Making Layer
  10. Denoising layer
  11. Attack Decision Making Layer
  12. Results and discussion
  13. Dataset
  14. Experimental Configuration
  15. Results
  16. ...and 1 more sections

Figures (3)

  • Figure 1: FGSM attack visualization on a CIFAR-10 image, demonstrating the perturbation effects.
  • Figure 2: Schematic of the UNICAD framework, showing its layered structure and the processing pathways for (a) trained class images, (b) adversarially attacked images, and (c) unseen class images.
  • Figure 3: Architecture of the proposed denoising autoencoder highlighting two scenarios: (a) processing of clean images and (b) removal of adversarial noise from attacked images.