Unsupervised Adversarial Example Detection of Vision Transformers for Trustworthy Edge Computing

Jiaxing Li; Tan Yu’An; Jie Yang; Zhengdao Li; Heng Ye; Chenxiao Xia; Yuanzhang Li

doi:10.1145/3674981

Unsupervised Adversarial Example Detection of Vision Transformers for Trustworthy Edge Computing

Jiaxing Li^*, Tan Yu’An, Jie Yang, Zhengdao Li, Heng Ye, Chenxiao Xia, Yuanzhang Li^*

^*Corresponding author for this work

School of Computer Science and Technology

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Many edge computing applications based on computer vision have harnessed the power of deep learning. As an emerging deep learning model for vision, Vision Transformer models have recently achieved record-breaking performance in various vision tasks. But many recent studies on the robustness of the Vision Transformer have shown that the Vision Transformer is still vulnerable to adversarial attacks and is easily affected by adversarial attacks, causing the model to misclassify the input. In this work, we ask an intriguing question: “Can Adversarial Perturbations against Vision Transformers be detected with model explanations?” Driven by this question, we observe that benign samples and adversarial examples have different attribution maps after applying the Grad-CAM interpretability method on the Vision Transformer model. We demonstrate that an adversarial example is a Feature Shift of the input data, which leads to an Attention Deviation of the visual model. We propose a framework for capturing the Attention Deviation of vision models to defend against adversarial attacks. Furthermore, experiments show that our model achieves expectative results.

Original language	English
Article number	220
Journal	ACM Transactions on Multimedia Computing, Communications and Applications
Volume	21
Issue number	8
DOIs	https://doi.org/10.1145/3674981
Publication status	Published - 13 Aug 2025

Keywords

adversarial defense
Adversary attack
model explanation
trustworthy edge computing
vision transformer

Access to Document

10.1145/3674981

Cite this

@article{47c12cd29a2d4a1c8fd926996c0b0d57,

title = "Unsupervised Adversarial Example Detection of Vision Transformers for Trustworthy Edge Computing",

abstract = "Many edge computing applications based on computer vision have harnessed the power of deep learning. As an emerging deep learning model for vision, Vision Transformer models have recently achieved record-breaking performance in various vision tasks. But many recent studies on the robustness of the Vision Transformer have shown that the Vision Transformer is still vulnerable to adversarial attacks and is easily affected by adversarial attacks, causing the model to misclassify the input. In this work, we ask an intriguing question: “Can Adversarial Perturbations against Vision Transformers be detected with model explanations?” Driven by this question, we observe that benign samples and adversarial examples have different attribution maps after applying the Grad-CAM interpretability method on the Vision Transformer model. We demonstrate that an adversarial example is a Feature Shift of the input data, which leads to an Attention Deviation of the visual model. We propose a framework for capturing the Attention Deviation of vision models to defend against adversarial attacks. Furthermore, experiments show that our model achieves expectative results.",

keywords = "adversarial defense, Adversary attack, model explanation, trustworthy edge computing, vision transformer",

author = "Jiaxing Li and Tan Yu{\textquoteright}An and Jie Yang and Zhengdao Li and Heng Ye and Chenxiao Xia and Yuanzhang Li",

note = "Publisher Copyright: {\textcopyright} 2025 Copyright held by the owner/author(s). Publication rights licensed to ACM.",

year = "2025",

month = aug,

day = "13",

doi = "10.1145/3674981",

language = "English",

volume = "21",

journal = "ACM Transactions on Multimedia Computing, Communications and Applications",

issn = "1551-6857",

publisher = "Association for Computing Machinery (ACM)",

number = "8",

}

TY - JOUR

T1 - Unsupervised Adversarial Example Detection of Vision Transformers for Trustworthy Edge Computing

AU - Li, Jiaxing

AU - Yu’An, Tan

AU - Yang, Jie

AU - Li, Zhengdao

AU - Ye, Heng

AU - Xia, Chenxiao

AU - Li, Yuanzhang

PY - 2025/8/13

Y1 - 2025/8/13

N2 - Many edge computing applications based on computer vision have harnessed the power of deep learning. As an emerging deep learning model for vision, Vision Transformer models have recently achieved record-breaking performance in various vision tasks. But many recent studies on the robustness of the Vision Transformer have shown that the Vision Transformer is still vulnerable to adversarial attacks and is easily affected by adversarial attacks, causing the model to misclassify the input. In this work, we ask an intriguing question: “Can Adversarial Perturbations against Vision Transformers be detected with model explanations?” Driven by this question, we observe that benign samples and adversarial examples have different attribution maps after applying the Grad-CAM interpretability method on the Vision Transformer model. We demonstrate that an adversarial example is a Feature Shift of the input data, which leads to an Attention Deviation of the visual model. We propose a framework for capturing the Attention Deviation of vision models to defend against adversarial attacks. Furthermore, experiments show that our model achieves expectative results.

AB - Many edge computing applications based on computer vision have harnessed the power of deep learning. As an emerging deep learning model for vision, Vision Transformer models have recently achieved record-breaking performance in various vision tasks. But many recent studies on the robustness of the Vision Transformer have shown that the Vision Transformer is still vulnerable to adversarial attacks and is easily affected by adversarial attacks, causing the model to misclassify the input. In this work, we ask an intriguing question: “Can Adversarial Perturbations against Vision Transformers be detected with model explanations?” Driven by this question, we observe that benign samples and adversarial examples have different attribution maps after applying the Grad-CAM interpretability method on the Vision Transformer model. We demonstrate that an adversarial example is a Feature Shift of the input data, which leads to an Attention Deviation of the visual model. We propose a framework for capturing the Attention Deviation of vision models to defend against adversarial attacks. Furthermore, experiments show that our model achieves expectative results.

KW - adversarial defense

KW - Adversary attack

KW - model explanation

KW - trustworthy edge computing

KW - vision transformer

UR - https://www.scopus.com/pages/publications/105019103417

U2 - 10.1145/3674981

DO - 10.1145/3674981

M3 - Article

AN - SCOPUS:105019103417

SN - 1551-6857

VL - 21

JO - ACM Transactions on Multimedia Computing, Communications and Applications

JF - ACM Transactions on Multimedia Computing, Communications and Applications

IS - 8

M1 - 220

ER -

Unsupervised Adversarial Example Detection of Vision Transformers for Trustworthy Edge Computing

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this