
Detect Adversarial Examples by Using Feature Autoencoder

Published: 15 July 2022

Abstract

The existence of adversarial examples seriously threatens the security of deep learning models, so detecting them is an important task. Motivated by a comparison of the feature maps of adversarial and normal examples, we designed an autoencoder that detects adversarial examples from those feature maps. The feature autoencoder was evaluated on detecting FGSM, DeepFool, JSMA, and C&W attacks on the CIFAR-10 dataset. The experimental results show that the feature-level detector detects state-of-the-art attacks more effectively than a pixel-level detector.
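The abstract describes the pipeline only at a high level. As a rough illustration, the sketch below shows the general feature-level detection idea in PyTorch: an autoencoder is trained to reconstruct the feature maps of clean examples, and an input is flagged as adversarial when its feature maps reconstruct poorly. The architecture, the choice of tapped layer, and the threshold here are illustrative assumptions, not the paper's exact design.

```python
# Minimal sketch of feature-level adversarial detection: an autoencoder
# reconstructs intermediate feature maps, and inputs whose feature maps
# reconstruct poorly are flagged. Architecture, tapped layer, and threshold
# are illustrative assumptions, not the paper's exact design.
import torch
import torch.nn as nn

class FeatureAutoencoder(nn.Module):
    """Convolutional autoencoder over intermediate feature maps."""
    def __init__(self, channels: int):
        super().__init__()
        self.encoder = nn.Sequential(
            nn.Conv2d(channels, channels // 2, 3, padding=1), nn.ReLU(),
            nn.Conv2d(channels // 2, channels // 4, 3, padding=1), nn.ReLU(),
        )
        self.decoder = nn.Sequential(
            nn.Conv2d(channels // 4, channels // 2, 3, padding=1), nn.ReLU(),
            nn.Conv2d(channels // 2, channels, 3, padding=1),
        )

    def forward(self, feats: torch.Tensor) -> torch.Tensor:
        return self.decoder(self.encoder(feats))

def reconstruction_error(ae: nn.Module, feats: torch.Tensor) -> torch.Tensor:
    # Per-example mean squared reconstruction error over all feature channels.
    with torch.no_grad():
        recon = ae(feats)
    return ((recon - feats) ** 2).flatten(start_dim=1).mean(dim=1)

def detect(ae: nn.Module, feats: torch.Tensor, threshold: float) -> torch.Tensor:
    # Clean feature maps lie near the manifold the autoencoder has learned
    # and reconstruct well; adversarial feature maps tend not to.
    return reconstruction_error(ae, feats) > threshold

# Example with random stand-ins for feature maps of shape (batch, 64, 8, 8)
# from a hypothetical backbone layer; a real pipeline would extract them
# with a forward hook on the target classifier.
feats = torch.randn(16, 64, 8, 8)
ae = FeatureAutoencoder(channels=64)
is_adversarial = detect(ae, feats, threshold=0.5)  # threshold tuned on held-out clean data
```

In such a scheme the autoencoder would be trained with the same MSE objective on the feature maps of clean examples only, so a large reconstruction error at test time signals the feature-space shift that an attack induces.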

References

[1]
Hinton, G., Deng, L., Yu, D., et al.: Deep neural networks for acoustic modeling in speech recognition: the shared views of four research groups. IEEE Signal Process. Mag. 29, 82–97 (2012)
[2]
Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems (NIPS), pp. 1097–1105 (2012)
[3]
Liu, W., Wang, Z., Liu, X., Zeng, N., Liu, Y., Alsaadi, F.: A survey of deep neural network architectures and their applications. Neurocomputing 234, 11–26 (2016)
[4]
Szegedy, C., Zaremba, W., Goodfellow, I.: Intriguing properties of neural networks. arXiv:1312.6199 (2013)
[5]
Xu, H., et al.: Adversarial attacks and defenses in images, graphs and text: a review. Int. J. Autom. Comput. 17(2), 151–178 (2020)
[6]
Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv:1412.6572 (2014)
[7]
Papernot, N., Mcdaniel, P., Jha, S., Fredrikson, M., Celik, Z.B., Swami, A.: The limitations of deep learning in adversarial settings. In: IEEE European Symposium on Security & Privacy (2015)
[8]
Moosavi-Dezfooli, S.M., Fawzi, A., Frossard, P.: DeepFool: a simple and accurate method to fool deep neural networks. arXiv:1511.04599 (2015)
[9]
Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. arXiv:1608.04644 (2016)
[10]
Moosavi-Dezfooli, S.M., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 86–94 (2017)
[11]
Gu, T., Dolan-Gavitt, B., Garg, S.: BadNets: identifying vulnerabilities in the machine learning model supply chain. arXiv:1708.06733 (2017)
[12]
Gong, Z., Wang, W., Ku, W.S.: Adversarial and clean data are not twins. arXiv:1704.04960 (2017)
[13]
Akhtar, N., Liu, J., Mian, A.: Defense against universal adversarial perturbations. arXiv:1711.05929 (2017)
[14]
Hendrycks, D., Gimpel, K.: Early methods for detecting adversarial images. arXiv:1608.00530 (2016)
[15]
Grosse, K., Manoharan, P., Papernot, N., et al.: On the (statistical) detection of adversarial examples. arXiv:1702.06280 (2017)
[16]
Lee, S., Kim, N.R., Cho, Y., Choi, J.Y., Kim, S., et al.: Adversarial detection with Gaussian process regression-based detector. KSII Trans. Internet Inf. Syst. 13, 4285–4299 (2019)
[17]
Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016). http://www.deeplearningbook.org
[18]
IBM, Welcome to the adversarial robustness toolbox (2019). https://adversarial-robustness-toolbox.readthedocs.io/en/stable/
[19]
Krizhevsky, A., Nair, V., Hinton, G.: CIFAR-10 and CIFAR-100 datasets (2009). https://www.cs.toronto.edu/~kriz/cifar.html
[20]
Davis, J., Goadrich, M.: The relationship between precision-recall and ROC curves. In: Proceedings of the 23rd International Conference on Machine Learning, pp. 233–240. ACM (2006)

        Published In

        Artificial Intelligence and Security: 8th International Conference, ICAIS 2022, Qinghai, China, July 15–20, 2022, Proceedings, Part III
        Jul 2022
        743 pages
        ISBN:978-3-031-06790-7
        DOI:10.1007/978-3-031-06791-4
Editors: Xingming Sun, Xiaorui Zhang, Zhihua Xia, Elisa Bertino

        Publisher

        Springer-Verlag

        Berlin, Heidelberg


        Author Tags

        1. Adversarial example
        2. Adversarial attack
        3. Feature autoencoder
        4. Adversarial detection
