Perturbation analysis of gradient-based adversarial attacks

Ozbulak, Utku; Gasparyan, M. D.; Neve, Wesley De; Messem, Arnout Van

doi:10.1016/j.patrec.2020.04.034

Cited by 10 publications

(4 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For all CIFAR100 and ImageNet models, only 17% and 1.4% of the entries in the confusion matrix are higher than 0 (note that for an attack that induces optimal target class diversity, 100% and 7.2% of the entries in the confusion matrix would be higher than 0, respectively). Concurrent work by [30] made a similar observation on the ImageNet dataset. They find that untargeted adversarial attacks mostly cause misclassifications into semantically similar classes.…”

Section: Distribution Of Misclassificationsmentioning

confidence: 55%

Exploring misclassifications of robust neural networks to enhance adversarial attacks

et al. 2023

View full text Add to dashboard Cite

Progress in making neural networks more robust against adversarial attacks is mostly marginal, despite the great efforts of the research community. Moreover, the robustness evaluation is often imprecise, making it challenging to identify promising approaches. We do an observational study on the classification decisions of 19 different state-of-the-art neural networks trained to be robust against adversarial attacks. This analysis gives a new indication of the limits of the robustness of current models on a common benchmark. In addition, our findings suggest that current untargeted adversarial attacks induce misclassification toward only a limited amount of different classes. Similarly, we find that previous attacks under-explore the perturbation space during optimization. This leads to unsuccessful attacks for samples where the initial gradient direction is not a good approximation of the final adversarial perturbation direction. Additionally, we observe that both over- and under-confidence in model predictions result in an inaccurate assessment of model robustness. Based on these observations, we propose a novel loss function for adversarial attacks that consistently improves their efficiency and success rate compared to prior attacks for all 30 analyzed models.

show abstract

Section: Distribution Of Misclassificationsmentioning

confidence: 55%

Exploring misclassifications of robust neural networks to enhance adversarial attacks

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Artificial corruptions [36,14,37,16,11] or natural shifts [15,38] on curated data have already exposed biases and architectural vulnerabilities. Adversarial robustness [39,40,41,42,43] is a related field where models are tested against adversarial examples, which introduce imperceptible though influential perturbations on images. Contrary to such attempts, we concentrated around naturally occurring distribution shifts stemming from uncurated image data.…”

Section: Robustness Under Distribution Shiftsmentioning

confidence: 99%

Fine-Grained ImageNet Classification in the Wild

Lymperaiou¹,

Thomas²,

Stamou³

2023

Preprint

View full text Add to dashboard Cite

Image classification has been one of the most popular tasks in Deep Learning, seeing an abundance of impressive implementations each year. However, there is a lot of criticism tied to promoting complex architectures that continuously push performance metrics higher and higher. Robustness tests can uncover several vulnerabilities and biases which go unnoticed during the typical model evaluation stage. So far, model robustness under distribution shifts has mainly been examined within carefully curated datasets. Nevertheless, such approaches do not test the real response of classifiers in the wild, e.g. when uncurated web-crawled image data of corresponding classes are provided. In our work, we perform fine-grained classification on closely related categories, which are identified with the help of hierarchical knowledge. Extensive experimentation on a variety of convolutional and transformer-based architectures reveals model robustness in this novel setting. Finally, hierarchical knowledge is again employed to evaluate and explain misclassifications, providing an information-rich evaluation scheme adaptable to any classifier.

show abstract

“…Step approach to eliminate the iterations needed to obtain an adversarial perturbation. It improved loss function [11].…”

Section: Introductionmentioning

confidence: 96%

Alpha Fusion Adversarial Attack Analysis Using Deep Learning

Khan¹,

Ullah²,

Naz³

et al. 2023

Computer Systems Science and Engineering

View full text Add to dashboard Cite

The deep learning model encompasses a powerful learning ability that integrates the feature extraction, and classification method to improve accuracy. Convolutional Neural Networks (CNN) perform well in machine learning and image processing tasks like segmentation, classification, detection, identification, etc. The CNN models are still sensitive to noise and attack. The smallest change in training images as in an adversarial attack can greatly decrease the accuracy of the CNN model. This paper presents an alpha fusion attack analysis and generates defense against adversarial attacks. The proposed work is divided into three phases: firstly, an MLSTM-based CNN classification model is developed for classifying COVID-CT images. Secondly, an alpha fusion attack is generated to fool the classification model. The alpha fusion attack is tested in the last phase on a modified LSTM-based CNN (CNN-MLSTM) model and other pre-trained models. The results of CNN models show that the accuracy of these models dropped greatly after the alpha-fusion attack. The highest F1 score before the attack was achieved is 97.45 And after the attack lowest F1 score recorded is 22%. Results elucidate the performance in terms of accuracy, precision, F1 score and Recall.

show abstract

Perturbation analysis of gradient-based adversarial attacks

Cited by 10 publications

References 17 publications

Exploring misclassifications of robust neural networks to enhance adversarial attacks

Exploring misclassifications of robust neural networks to enhance adversarial attacks

Fine-Grained ImageNet Classification in the Wild

Alpha Fusion Adversarial Attack Analysis Using Deep Learning

Contact Info

Product

Resources

About