Adversarial Examples Detection With Enhanced Image Difference Features Based on Local Histogram Equalization

Deep Neural Networks (DNNs) have recently made significant strides in various fields; however, they are susceptible to adversarial examples—crafted inputs with imperceptible perturbations that can mislead these networks. Notably, even when adversaries lack access to the complete model parameters, they can still generate adversarial examples targeting a range of DNN-based task systems. Various defense mechanisms have been proposed, such as feature compression and gradient masking. Nevertheless, extensive research indicates that these methods often address only specific attacks, rendering them ineffective against novel and unknown attack strategies. Recent studies have highlighted the efficacy of identifying adversarial examples in the frequency domain; however, these approaches are limited to frequency-based analysis. In this study, we experimentally observe that adversarial examples possess significant characteristics in local regions. Specifically, adversarial perturbations exhibit localized randomness, whereas the high-frequency information in normal examples is both locally coherent and semantically relevant. This critical distinction enables effectively distinguishing adversarial examples from normal ones. To leverage this insight, we aim to enhance the high-frequency features of input examples to amplify their feature disparities. We propose an image enhancement method utilizing local histogram equalization. Our experimental results demonstrate that this method substantially improves detector performance without modifying the existing detection models. Furthermore, this technique can be seamlessly integrated with task models, effectively reducing deployment costs in practical applications.