Defense-friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty

Pestana, Camilo; Liu, Wei; Glance, David; Mian, Ajmal

doi:10.1109/wacv48630.2021.00060

Cited by 5 publications

(8 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, as a side-effect of making these images more 'recognizable', they also get more resilient against adversarial attacks such as FGSM and PGD. Whereas this phenomenon was first studied by Pestana et al [33] for the ImageNet dataset, our proposed method offers a simple but efficient way of creating 'Robust' datasets and can be applied to any other datasets.…”

Section: Assistive Signals In the 2d Spacementioning

confidence: 94%

“…There is an emerging area related to 'robust', 'easier-toclassify' and 'harder-to-perturb' datasets. As a concrete example, recently Pestana et al [33] proposed a dataset with robust natural images and showed that datasets with robust images are also harder-to-perturb and they could be used to create better adversarial attacks and perform unbiased benchmarking for defenses in the area of adversarial learning. We believe that our work nicely complements [33].…”

Section: Assistive Signals In the 2d Spacementioning

confidence: 99%

“…As a concrete example, recently Pestana et al [33] proposed a dataset with robust natural images and showed that datasets with robust images are also harder-to-perturb and they could be used to create better adversarial attacks and perform unbiased benchmarking for defenses in the area of adversarial learning. We believe that our work nicely complements [33]. They proposed algorithms to find natural robust images, which is an exhaustive process.…”

Section: Assistive Signals In the 2d Spacementioning

confidence: 99%

See 2 more Smart Citations

Physical world assistive signals for deep neural network classifiers -- neither defense nor attack

Pestana,

Liu,

Glance

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Deep Neural Networks lead the state of the art of computer vision tasks. Despite this, Neural Networks are brittle in that small changes in the input can drastically affect their prediction outcome and confidence. Consequently and naturally, research in this area mainly focus on adversarial attacks and defenses. In this paper, we take an alternative stance and introduce the concept of Assistive Signals, which are optimized to improve a model's confidence score regardless if it's under attack or not. We analyse some interesting properties of these assistive perturbations and extend the idea to optimize assistive signals in the 3D space for real-life scenarios simulating different lighting conditions and viewing angles. Experimental evaluations show that the assistive signals generated by our optimization method increase the accuracy and confidence of deep models more than those generated by conventional methods that work in the 2D space. Our 'Assistive Signals' illustrate the intrinsic bias of ML models towards certain patterns in real-life objects. We discuss how we can exploit these insights to rethink, or avoid, some patterns that might contribute to, or degrade, the detectability of objects in the real-world.

show abstract

Section: Assistive Signals In the 2d Spacementioning

confidence: 94%

Section: Assistive Signals In the 2d Spacementioning

confidence: 99%

Section: Assistive Signals In the 2d Spacementioning

confidence: 99%

See 1 more Smart Citation

Physical world assistive signals for deep neural network classifiers -- neither defense nor attack

Pestana,

Liu,

Glance

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…To evaluate the robustness of Si m-DNN to imperceptible adversarial attacks, the recently introduced ImageNet-R dataset [38] was considered. The ImageNet-R dataset is a modified version of the ImageNet dataset for the specific task of adversarial attack detection.…”

Section: Methodsmentioning

confidence: 99%

Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Soares

Angelov

Suri

2022

2022 IEEE Symposium Series on Computational Intelligence (SSCI)

View full text Add to dashboard Cite

Deep neural networks (DNN's) have become essential for solving diverse complex problems and have achieved considerable success in tackling computer vision tasks. However, DNN's are vulnerable to human-imperceptible adversarial distortion/noise patterns that can detrimentally impact safetycritical applications such as autonomous driving. In this paper, we introduce a novel robust-by-design deep learning approach, Si m-DNN, that is able to detect adversarial attacks through its inner defense mechanism that considers the degree of similarity between new data samples and autonomously chosen prototypes. The approach benefits from the abrupt drop of the similarity score to detect concept changes caused by distorted/noise data when comparing their similarities against the set of prototypes. Due to the feed-forward prototypebased architecture of Si m-DNN, no re-training or adversarial training is required. In order to evaluate the robustness of the proposed method, we considered the recently introduced ImageNet-R dataset and different adversarial attack methods such as FGSM, PGD, and DDN. Different DNN's methods were also considered in the analysis. Results have shown that the proposed Si m-DNN is able to detect adversarial attacks with better performance than its mainstream competitors. Moreover, as no adversarial training is required by Si m-DNN, its performance on clean and robust images is more stable than its competitors which require an external defense mechanism to improve their robustness.

show abstract

“…Nevertheless, research in the field of adversarial attacks on such systems [16,17] proves that even the use of biometric metrics such as voice is not a guarantee of protection from adversarial attacks. Adversarial attacks can negatively affect the operation of almost any system [17][18][19][20][21], but we assume that certain characteristics of datasets may have some influence on the effectiveness of an attack [22,23].…”

Section: Introductionmentioning

confidence: 99%

Adversarial Attacks Impact on the Neural Network Performance and Visual Perception of Data under Attack

et al. 2022

View full text Add to dashboard Cite

Machine learning algorithms based on neural networks are vulnerable to adversarial attacks. The use of attacks against authentication systems greatly reduces the accuracy of such a system, despite the complexity of generating a competitive example. As part of this study, a white-box adversarial attack on an authentication system was carried out. The basis of the authentication system is a neural network perceptron, trained on a dataset of frequency signatures of sign. For an attack on an atypical dataset, the following results were obtained: with an attack intensity of 25%, the authentication system availability decreases to 50% for a particular user, and with a further increase in the attack intensity, the accuracy decreases to 5%.

show abstract

Defense-friendly Images in Adversarial Attacks: Dataset and Metrics for Perturbation Difficulty

Cited by 5 publications

References 30 publications

Physical world assistive signals for deep neural network classifiers -- neither defense nor attack

Physical world assistive signals for deep neural network classifiers -- neither defense nor attack

Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Adversarial Attacks Impact on the Neural Network Performance and Visual Perception of Data under Attack

Contact Info

Product

Resources

About