Adversarial Dual Network Learning With Randomized Image Transform for Restoring Attacked Images

Yuan, Jianhe; He, Zhihai

doi:10.1109/access.2020.2969288

Cited by 16 publications

(6 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Takahashi [26] investigated indirect adversarial attacks in graph convolutional neural networks and discussed a detection method to find one new attack which could poison node features and lead to the misclassification. Yuan and He [27] presented an adversarial dual network learning model for DNN-based defense. They formulated this problem using a generative adversarial network and developed a detector with a generative cleaning network to clean up the attack noise following a randomized nonlinear image transform.…”

Section: B Adversarial Attacks Against Gnnmentioning

confidence: 99%

Hierarchical Adversarial Attacks Against Graph-Neural-Network-Based IoT Network Intrusion Detection System

Zhou

Liang

Liu

et al. 2022

IEEE Internet Things J.

190

View full text Add to dashboard Cite

From 2012 to 2015, he was a Research Associate with the Faculty of Human Sciences, Waseda University. He has been working as a Visiting Researcher with the RIKEN Center for Advanced Intelligence Project, RIKEN, Tokyo, since 2017. He has been engaged in interdisciplinary research works in the fields of computer science and engineering, information systems, and social and human informatics. His recent research interests include ubiquitous computing, big data, machine learning, behavior and cognitive informatics, cyber-physical-social systems, cyber intelligence, and security.Dr. Zhou is a member of IEEE CS, and ACM, USA, IPSJ, and JSAI, Japan, and CCF, China.

show abstract

Section: B Adversarial Attacks Against Gnnmentioning

confidence: 99%

Hierarchical Adversarial Attacks Against Graph-Neural-Network-Based IoT Network Intrusion Detection System

Zhou

Liang

Liu

et al. 2022

IEEE Internet Things J.

190

View full text Add to dashboard Cite

show abstract

“…Our DNN-based hybrid adversarial defense approach, which includes random filtering, ensembling and local feature mapping, is the first of its kind, and no previous work has attempted such a hybrid method for defense against adversarial attacks to the sign recognition of the AV perception module. Moreover, this is the first formal defense method specific to adversarial attacks on traffic sign classifiers, as previous models have been tested on generic datasets [12], [15], [16]. Previous literature has presented deterministic defense methods that are not resilient to new attack types beyond the attacks considered in the research [14].…”

Section: Contributions Of This Studymentioning

confidence: 99%

“…Generative adversarial networks (GAN) are also popular defense methods [17]. For example, Yuan and He developed an adversarial dual network learning method supported by random image transform as a defense method [16]. At first, the input image is transformed to override the noise of an adversarial attack.…”

Section: ) Generative Adversarial Networkmentioning

confidence: 99%

“…Overall, from the literature review, we have found several gaps for resiliency against adversarial attacks which we address in this study. At first, existing defense methods have been tested for benchmark datasets such as MNIST (contains images of hand-written digits), Fashion-MNIST (contains images of fashion accessories and clothes), and CIFAR-10 (contains images of airplane, automobile, bird, cat, deer, dog, frog, horse, ship, and trucks) [12], [15], [16].…”

Section: B Knowledge Gaps In Existing Literaturementioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Defense Method against Adversarial Attacks on Traffic Sign Classifiers in Autonomous Vehicles

Khan¹,

Chowdhury²,

Khan³

2022

Preprint

View full text Add to dashboard Cite

Adversarial attacks can make deep neural network (DNN) models predict incorrect output labels, such as misclassified traffic signs, for autonomous vehicle (AV) perception modules. Resilience against adversarial attacks can help AVs navigate safely on the road by avoiding misclassication of signs or objects. This DNN-based study develops a resilient traffic sign classifier for AVs that uses a hybrid defense method. We use transfer learning to retrain the Inception-V3 and Resnet-152 models as traffic sign classifiers. This method also utilizes a combination of three different strategies: random filtering, ensembling, and local feature mapping. We use the random cropping and resizing technique for random filtering, plurality voting as ensembling strategy and an optical character recognition model as a local feature mapper. This DNN-based hybrid defense method has been tested for the no attack scenario and against well-known untargeted adversarial attacks (e.g., Projected Gradient Descent or PGD, Fast Gradient Sign Method or FGSM, Momentum Iterative Method or MIM attack, and Carlini and Wagner or C&W). We find that our hybrid defense method achieves 99% average traffic sign classification accuracy for the no attack scenario and 88% average traffic sign classification accuracy for all attack scenarios. Moreover, the hybrid defense method, presented in this study, improves the accuracy for traffic sign classification compared to the traditional defense methods (i.e., JPEG filtering, feature squeezing, binary filtering, and random filtering) up to 6%, 50%, and 55% for FGSM, MIM, and PGD attacks, respectively.<br>

show abstract

“…Dual-defense[33] have provided results for FSM and PGD attack on the cifar-10 dataset. The target classifier and detector network are based on the ResNet network.…”

mentioning

confidence: 99%

Progressive Defense Against Adversarial Attacks for Deep Learning as a Service in Internet of Things

Wang¹,

Zhang²,

Luo³

et al. 2020

Preprint

View full text Add to dashboard Cite

Nowadays, Deep Learning as a service can be deployed in Internet of Things (IoT) to provide smart services and sensor data processing. However, recent research has revealed that some Deep Neural Networks (DNN) can be easily misled by adding relatively small but adversarial perturbations to the input (e.g., pixel mutation in input images). One challenge in defending DNN against these attacks is to efficiently identifying and filtering out the adversarial pixels. The state-of-the-art defense strategies with good robustness often require additional model training for specific attacks. To reduce the computational cost without loss of generality, we present a defense strategy called a progressive defense against adversarial attacks (PDAAA) for efficiently and effectively filtering out the adversarial pixel mutations, which could mislead the neural network towards erroneous outputs, without a-priori knowledge about the attack type. We evaluated our progressive defense strategy against various attack methods on two well-known datasets. The result shows it outperforms the state-of-the-art while reducing the cost of model training by 50% on average.

show abstract

Adversarial Dual Network Learning With Randomized Image Transform for Restoring Attacked Images

Cited by 16 publications

References 24 publications

Hierarchical Adversarial Attacks Against Graph-Neural-Network-Based IoT Network Intrusion Detection System

Hierarchical Adversarial Attacks Against Graph-Neural-Network-Based IoT Network Intrusion Detection System

A Hybrid Defense Method against Adversarial Attacks on Traffic Sign Classifiers in Autonomous Vehicles

Progressive Defense Against Adversarial Attacks for Deep Learning as a Service in Internet of Things

Contact Info

Product

Resources

About