Defense against adversarial attacks on deep convolutional neural networks through nonlocal denoising

Aneja, Sandhya; Aneja, Nagender; Abas, Pg Emeroylariffion; Naim, Abdul Ghani

doi:10.11591/ijai.v11.i3.pp961-968

Cited by 6 publications

(6 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The specific case of contradictory examples challenges us, because generating patches which when placed in strategic places of the classifier's field of vision produces a targeted class [ 28 ] leading it to predict an erroneous class with a high degree of confidence. This ability to fool the system is made possible with the introduction of almost imperceptible noise.…”

Section: Related Workmentioning

confidence: 99%

RoFace: A robust face representation approach for accurate classification

Fute

Deffo

Tonyé

2023

Heliyon

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

RoFace: A robust face representation approach for accurate classification

Fute

Deffo

Tonyé

2023

Heliyon

View full text Add to dashboard Cite

“…For each component of 𝐹 , 𝑓 𝑖 (𝒙) ∈ [0, 1] denotes the prediction score of 𝑖-th class. In ranking values, we define 𝑓 [𝑖 ] (𝒙) as the 𝑖-th largest element of 𝐹 (𝒙), that is, 𝑓 [1] (𝒙) ≥ 𝑓 [2] (𝒙) ≥ • • • ≥ 𝑓 [𝑐 ] (𝒙). In the following content, we uniformly assume that the ties between any two prediction scores are completely broken, i.e., 𝑓 [1]…”

Section: Notationsmentioning

confidence: 99%

“…When 𝑖 = 1, Δ [1] is the largest difference since 𝑓 [𝑐 ] (𝒙 + 𝝐) is the smallest value among 𝑐 scores. It could be known that as 𝑖 increases, the value of 𝑓 [𝑐 −𝑖+1] (𝒙 +𝝐) increases consistently and the difference Δ [𝑖 ] reduces.…”

Section: Optimization Relaxationmentioning

confidence: 99%

See 1 more Smart Citation

When Measures are Unreliable: Imperceptible Adversarial Perturbations toward Top-k Multi-Label Learning

Sun,

Xu,

Wang

et al. 2023

Proceedings of the 31st ACM International Conference on Multimedia

View full text Add to dashboard Cite

With the great success of deep neural networks, adversarial learning has received widespread attention in various studies, ranging from multi-class learning to multi-label learning. However, existing adversarial attacks toward multi-label learning only pursue the traditional visual imperceptibility but ignore the new perceptible problem coming from measures such as Precision@𝑘 and mAP@𝑘. Specifically, when a well-trained multi-label classifier performs far below the expectation on some samples, the victim can easily realize that this performance degeneration stems from attack, rather than the model itself. Therefore, an ideal multi-labeling adversarial attack should manage to not only deceive visual perception but also evade monitoring of measures. To this end, this paper first proposes the concept of measure imperceptibility. Then, a novel loss function is devised to generate such adversarial perturbations that could achieve both visual and measure imperceptibility. Furthermore, an efficient algorithm, which enjoys a convex objective, is established to optimize this objective. Finally, extensive experiments on large-scale benchmark datasets, such as PASCAL VOC 2012, MS COCO, and NUS WIDE, demonstrate the superiority of our proposed method in attacking the top-𝑘 multi-label systems. Our code is available at: https://github.com/Yuchen-Sunflower/TKMIA. CCS CONCEPTS• Computing methodologies → Ranking; Classification and regression trees.

show abstract

“…In order to defend against the threats posed by adversarial attacks to artificial intelligence security applications, researchers have investigated multiple network models for adversarial attack defense methods, which at this stage are mainly divided into three categories: (1) data preprocessing for adversarial examples; (2) enhancing the robustness of deep neural networks; and (3) detecting adversarial examples. Data preprocessing methods such as denoising ( Aneja et al, 2022 ; Xu et al, 2022 ) and data compression ( Chang et al, 2022 ; Zhang, Yi & Sang, 2022 ). The advantages of these methods are faster computation and no need to modify the network structure, the disadvantages are that denoising and data compression can cause loss of information in the image, the neural network cannot extract features adequately, which makes the neural network make wrong judgments.…”

Section: Introductionmentioning

confidence: 99%

Enhancing the robustness of vision transformer defense against adversarial attacks based on squeeze-and-excitation module

Chang

Hong

Wang

2023

PeerJ Computer Science

View full text Add to dashboard Cite

Vision Transformer (ViT) models have achieved good results in computer vision tasks, their performance has been shown to exceed that of convolutional neural networks (CNNs). However, the robustness of the ViT model has been less studied recently. To address this problem, we investigate the robustness of the ViT model in the face of adversarial attacks, and enhance the robustness of the model by introducing the ResNet- SE module, which acts on the Attention module of the ViT model. The Attention module not only learns edge and line information, but also can extract increasingly complex feature information; ResNet-SE module highlights the important information of each feature map and suppresses the minor information, which helps the model to perform the extraction of key features. The experimental results show that the accuracy of the proposed defense method is 19.812%, 17.083%, 18.802%, 21.490%, and 18.010% against Basic Iterative Method (BIM), C&W, DeepFool, DI2FGSM, and MDI2FGSM attacks, respectively. The defense method in this paper shows strong robustness compared with several other models.

show abstract

Defense against adversarial attacks on deep convolutional neural networks through nonlocal denoising

Cited by 6 publications

References 31 publications

RoFace: A robust face representation approach for accurate classification

RoFace: A robust face representation approach for accurate classification

When Measures are Unreliable: Imperceptible Adversarial Perturbations toward Top-k Multi-Label Learning

Enhancing the robustness of vision transformer defense against adversarial attacks based on squeeze-and-excitation module

Contact Info

Product

Resources

About