Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Soares, Eduardo; Angelov, Plamen; Suri, Neeraj

doi:10.1109/ssci51031.2022.10022016

Cited by 6 publications

(7 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…After extracting feature maps from attacked and clean images, we aim to efficiently recover lost information from the highlevel representations with a simple network. Conventional feature fusion methods commonly focus on fusing with different resolutions [11], [21]. However, we observe that the attack detection performance is still limited, which will be further confirmed in Section IV.C.…”

Section: B Feature Fusion Networksupporting

confidence: 54%

“…3) Sim-DNN: As one of the deep learning-based detection techniques, Soares et al propose a similarity-based deep neural network (sim-DNN) to detect adversarial attacks [21]. The degree of similarity between training samples and their prototypes is considered.…”

Section: B Detectionmentioning

confidence: 99%

“…2. Different from conventional attack detection methods [16], [21], in the data pre-processing stage, each image sample are attacked with random error rates and individually fed to each layer. Then, feature maps are extracted from the attacked and clean images.…”

Section: A Feature Extractor Trainingmentioning

confidence: 99%

“…The adversarial samples from these datasets are constructed with FGSM, PGD, and SSAH attacks. We select these attacks because they are robust to novel adversarial attack detection and defense techniques [15], [21]. Each one is The error rate In the experiment, the detection rate (DR) [21] is used as the performance measure.…”

Section: Experiments a Datasets And Performance Measurementioning

confidence: 99%

See 3 more Smart Citations

Domain Generalization and Feature Fusion for Cross-domain Imperceptible Adversarial Attack Detection

Angelov

Suri

2023

2023 International Joint Conference on Neural Networks (IJCNN)

Self Cite

View full text Add to dashboard Cite

Deep learning-based imperceptible adversarial attack detection methods have recently seen significant progress. However, the accuracy, latency, and computational cost of previous methods remain insufficient. Particularly, trained attack detection models can potentially be applied in previously unseen conditions, such as new datasets or attacks for real-world applications. Therefore, to improve domain generalization performance, we propose a new method for cross-domain imperceptible adversarial attack detection by leveraging domain generalization, where we train the model's feature extractor or detector with a partner well-tuned for different domains. Different from conventional domain generalization methods, we use the global loss and local loss to train each feature extractor or detector. Moreover, to efficiently re-use high-resolution feature maps from the feature extractor, we propose a feature fusion network, which exploits feature maps from images that are attacked with different error rates and helps extract rich features to further improve the attack detection accuracy. Extensive experiments on four public datasets are used to demonstrate the efficacy of the proposed method. The source code of the proposed method is available at https://github.com/Yukino-3/DTAD.

show abstract

Section: B Feature Fusion Networksupporting

confidence: 54%

Section: B Detectionmentioning

confidence: 99%

Section: A Feature Extractor Trainingmentioning

confidence: 99%

Section: Experiments a Datasets And Performance Measurementioning

confidence: 99%

See 2 more Smart Citations

Domain Generalization and Feature Fusion for Cross-domain Imperceptible Adversarial Attack Detection

Angelov

Suri

2023

2023 International Joint Conference on Neural Networks (IJCNN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…We believe defence strategies [23] should be considered in future research to improve transportation engineering's safety in this new area. Potential future work direction include using Topological Data Analysis [24] to identify evasion features, adversarial training, and detection strategies [25].…”

Section: Discussionmentioning

confidence: 99%

Soft Body Pose-Invariant Evasion Attacks against Deep Learning Human Detection

Li,

Guo

2023

2023 IEEE Ninth International Conference on Big Data Computing Service and Applications (BigDataService)

View full text Add to dashboard Cite

Evasion attacks on deep neural networks (DNN) use artificial data to manipulate common neural network layers (e.g., convolution operations) to create higher losses. This allows targets to evade detection and/or classification across a wide range of DNNs without the need for a backdoor attack or to know specific type used. Most of the existing work in evasion attacks have focused on planar images (e.g., photo, satellite imaging) in relatively consistent lighting conditions. More recent work have recognised the need to create patterns that are more easily printed or work in diverse lighting environments.Here, we build printable evasion patterns for fabric clothing to highlight the risks to autonomous systems and provide data for future adversarial training. These novel evasion attacks are for soft body human stakeholders, where patterns are designed to take into account body rotation, fabric stretch, printable, and lighting variations. We show that these are effective and robust to different human poses. This poses a significant threat to safety of autonomous vehicles and adversarial training should consider this new area.

show abstract