Perception and Grounding

Feature_Squeezer

Applies feature squeezing transformations such as bit-depth reduction or filtering to detect adversarial visual inputs.

Tool Introduction

Core parameters, trigger timing, and visual before/after demo references.

Short Explanation

Use this preprocessing check when visual inputs may contain noise attacks, stickers, or abnormal perturbations.

InputImage or feature tensor

OutputAdversarial prediction result and original model output

Trigger TimingTriggered on demand after the required input files and configuration are prepared.

RuntimeLocal safety preprocessing

BeforeImage or feature tensor

Prepare the scene, image, video, sensor stream, prompt, or configuration expected by the original project.

AfterAdversarial prediction result and original model output

Read the produced visualization, prediction, map, trajectory, mask, grasp pose, or other documented artifact.

Preset Example

A quick-run style example for the documentation page.

Inputtools/feature-squeezer/examples/input.png

Promptmethod: bit_depth; compare original and squeezed predictions

ExpectedA report containing the original prediction, squeezed prediction, and adversarial yes/no decision.

Parameters And Output

Readable controls and the meaning of each returned artifact.

Parameter Explanation

input_imagefile

Image or feature tensor to test.

methodselectbit_depth

Squeezing operation such as bit-depth reduction or median filtering.

thresholdslider

Difference threshold for flagging a suspicious prediction change.

Output Explanation

is_adversarial

Whether the input is flagged as adversarial.

original_model_output

Prediction before feature squeezing.

squeezed_model_output

Prediction after the selected squeezing transform.

How To Use

Official resources, deployment steps, academic context, citation, and source-reported benchmark numbers.

Resources

IBM ART GitHubhttps://github.com/Trusted-AI/adversarial-robustness-toolbox Code Downloadhttps://github.com/Trusted-AI/adversarial-robustness-toolbox/archive/refs/heads/main.zip Paperhttps://arxiv.org/abs/1704.01155 ART Docshttps://adversarial-robustness-toolbox.readthedocs.io/

Deployment Notes

Implement or install the feature squeezing transform required by the target model.
Prepare visual inputs under tools/feature-squeezer/examples/.
Run the detector with a repository-relative image path and selected squeeze method.
Save reports under tools/feature-squeezer/runs/ for safety logging.

Relative Path Example

python tools/feature-squeezer/run.py --input tools/feature-squeezer/examples/input.png --method bit_depth --output tools/feature-squeezer/runs/report.json

Expected Result Shape

{
  "tool": "feature-squeezer",
  "status": "ok",
  "results": [
    {
      "label": "Adversarial example detection",
      "score": 0.87,
      "output": "Adversarial prediction result and original model output"
    }
  ],
  "timing": {
    "runtime": "The submitted tool sheet describes the wrapper as interactive; the paper focuses on detection rate and false-positive behavior rather than one universal latency.",
    "device": "documented in source benchmark when available"
  },
  "artifacts": {
    "visualization": "tools/feature-squeezer/runs/visualization.png",
    "raw_predictions": "tools/feature-squeezer/runs/predictions.json"
  }
}

Paper figure

Academic Info

Paper identity and contribution summary.

TitleFeature Squeezing: Detecting Adversarial Examples in Deep Neural Networks

AuthorsAdd authors

VenueNDSS 2018

ContributionReduces the input search space and compares model behavior before and after squeezing to expose adversarial perturbations.

Citation

@misc{featuresqueezer2018,
  title={Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks},
  author={Author},
  year={2018},
  note={NDSS 2018},
  url={https://arxiv.org/abs/1704.01155}
}

Benchmark

Only compact, source-reported numbers are shown here.

Dataset	Metric	Value	Runtime	Source
MNIST, CIFAR-10, and ImageNet adversarial examples	Joint detection rate at around 5% false positive rate	98% on MNIST; 85% on CIFAR-10 and ImageNet	Feature squeezing detector	Official NDSS 2018 paper
MNIST adversarial attacks	Best joint detection, 1-bit + 2x2	0.982 overall detection	Static adversarial input detection	Official NDSS 2018 paper, Table 4
Target model baselines	Top-1 accuracy	MNIST 99.43%; CIFAR-10 94.84%; ImageNet MobileNet 68.36% top-1 / 88.25% top-5	Classifier baselines used for detection evaluation	Official NDSS 2018 paper, Table 1

Artifacts

Official NDSS 2018 paper, attack/detection tables, paper reference, and tool-sheet description from the submitted spreadsheet.

Demo Images

Visual references from the original tool. Click any image to inspect the original size.