A Mimetic Detector for Adversarial Image Perturbations

Abstract

Adversarial attacks fool deep image classifiers by adding tiny, almost invisible noise patterns to a clean image. The standard ∞-bounded attacks (FGSM, PGD, and the ∞ variant of Carlini--Wagner) produce high-frequency, near-random sign patterns at the pixel level: nearly invisible in 2, but carrying disproportionate gradient energy. We exploit this with a single-shot, training-free detector using the high-order Corbino--Castillo mimetic operators from the open-source MOLE library. No retraining, no surrogate classifier, no access to the network under attack: the verdict is a property of the input alone, computed in O(HW) time. We validate the detector on the standard peppers test image at the canonical ∞ budget = 16/255 and observe a clean-vs-adversarial separation that grows monotonically from 3.55× at order k=2 to 4.62× at k=8.