TY - GEN
T1 - Turning Swords into Shields
T2 - 8th Chinese Conference on Pattern Recognition and Computer Vision, PRCV 2025
AU - Sun, Chengbin
AU - Sun, Hailong
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2026.
PY - 2026
Y1 - 2026
N2 - Deep neural networks (DNNs) are inherently vulnerable to adversarial examples, which present significant challenges for their reliable deployment in safety-critical applications. Although several defense strategies have been proposed to mitigate this vulnerability, their effectiveness is frequently undermined by white-box attacks, in which adversaries exploit detailed knowledge of the underlying defense mechanisms. In this paper, we propose SNARE, a novel defense mechanism designed to effectively mitigate the impact of white-box adversaries. Instead of merely masking the inherent vulnerabilities of DNNs, SNARE strategically introduces intentional vulnerabilities, thereby guiding attackers toward predictable attack patterns that can be effectively mitigated. By embedding a plug-and-play module into the target model, SNARE deliberately engineers vulnerabilities that serve as decoys, directing adversaries to produce adversarial examples with specific characteristics. These characteristics exhibit discernible patterns that are consistently detectable, enabling accurate identification of adversarial examples. The module can be seamlessly integrated into different model architectures without altering their essential functionality. Experimental results demonstrate that SNARE surpasses existing state-of-the-art defense techniques across numerous benchmarks.
AB - Deep neural networks (DNNs) are inherently vulnerable to adversarial examples, which present significant challenges for their reliable deployment in safety-critical applications. Although several defense strategies have been proposed to mitigate this vulnerability, their effectiveness is frequently undermined by white-box attacks, in which adversaries exploit detailed knowledge of the underlying defense mechanisms. In this paper, we propose SNARE, a novel defense mechanism designed to effectively mitigate the impact of white-box adversaries. Instead of merely masking the inherent vulnerabilities of DNNs, SNARE strategically introduces intentional vulnerabilities, thereby guiding attackers toward predictable attack patterns that can be effectively mitigated. By embedding a plug-and-play module into the target model, SNARE deliberately engineers vulnerabilities that serve as decoys, directing adversaries to produce adversarial examples with specific characteristics. These characteristics exhibit discernible patterns that are consistently detectable, enabling accurate identification of adversarial examples. The module can be seamlessly integrated into different model architectures without altering their essential functionality. Experimental results demonstrate that SNARE surpasses existing state-of-the-art defense techniques across numerous benchmarks.
KW - Adversarial examples
KW - Deep Learning Security
KW - Trojan Attack
UR - https://www.scopus.com/pages/publications/105028354746
U2 - 10.1007/978-981-95-5699-1_10
DO - 10.1007/978-981-95-5699-1_10
M3 - Conference contribution
AN - SCOPUS:105028354746
SN - 9789819556984
T3 - Lecture Notes in Computer Science
SP - 136
EP - 151
BT - Pattern Recognition and Computer Vision - 8th Chinese Conference, PRCV 2025, Proceedings
A2 - Kittler, Josef
A2 - Xiong, Hongkai
A2 - Lin, Weiyao
A2 - Yang, Jian
A2 - Chen, Xilin
A2 - Lu, Jiwen
A2 - Yu, Jingyi
A2 - Zheng, Weishi
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 15 October 2025 through 18 October 2025
ER -