You Can’t Fool All the Models: Detect Adversarial Samples via Pruning Models

Renxuan, Wang; Chen, Zuohui; Dong, Hui; Xuan, Qi

doi:10.1109/access.2021.3133334

Cited by 4 publications

(3 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lee et al [70] also proposed a framework for detecting adversarial examples that can be used to detect adversaries in any pre-trained Softmax neural classifier. The authors of [71] presented model-pruning-based adversarial attack detection methods, while, on the other hand, Chen et al [72] presented a method to detect adversarial attacks based on activation clustering methods. In contrast to adversarial detection, the adversarial transformation methods apply transformation techniques to mitigate the effect of adversarial attacks and obtain a clean image.…”

Section: Methods For Detecting and Defending Against Adversarial Attacksmentioning

confidence: 99%

Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems

Hussain,

Hong

2023

MAKE

View full text Add to dashboard Cite

The perception system is a safety-critical component that directly impacts the overall safety of autonomous driving systems (ADSs). It is imperative to ensure the robustness of the deep-learning model used in the perception system. However, studies have shown that these models are highly vulnerable to the adversarial perturbation of input data. The existing works mainly focused on studying the impact of these adversarial attacks on classification rather than regression models. Therefore, this paper first introduces two generalized methods for perturbation-based attacks: (1) We used naturally occurring noises to create perturbations in the input data. (2) We introduce a modified square, HopSkipJump, and decision-based/boundary attack to attack the regression models used in ADSs. Then, we propose a deep-autoencoder-based adversarial attack detector. In addition to offline evaluation metrics (e.g., F1 score and precision, etc.), we introduce an online evaluation framework to evaluate the robustness of the model under attack. The framework considers the reconstruction loss of the deep autoencoder that validates the robustness of the models under attack in an end-to-end fashion at runtime. Our experimental results showed that the proposed adversarial attack detector could detect square, HopSkipJump, and decision-based/boundary attacks with a true positive rate (TPR) of 93%.

show abstract

Section: Methods For Detecting and Defending Against Adversarial Attacksmentioning

confidence: 99%

Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems

Hussain,

Hong

2023

MAKE

View full text Add to dashboard Cite

show abstract

“…13 shows the visual illustration of an Intel SGX-compatible system. The Metaverse platform owner can Trusted Execution Environment Encrypt a portion of CPU memory to isolate specific application in memory [212] Trusted Execution Environment Evaluate the feasibility of deploying TEE on edge device with different CPU [213] Trusted Execution Environment Following [211], the data are encrypted in the TEE before they are offloaded to other edge servers [214] Federated Learning Integrated differential privacy into FL to improve the protection level [215] Federated Learning Following [214], randomized mechanism are added together with DP to hide users' contributions during training [216] Adversarial Machine Learning Distance between data points and distribution-estimation based outlier detection algorithms are used to defence against poisoning attack [217] Adversarial Machine Learning Propose to use multiple models to form a model family so that it is more robust in white-box attack scenario [218] Adversarial Machine Learning Propose to use label change rate to protect the pruned neural network against adversarial sample set up a list of requirements to prevent the users from using edge devices that are not using SGX-enabled Intel CPU. With the help of SGX, edge devices can trust the data running on a platform with the latest security updates.…”

Section: Privacy and Securitymentioning

confidence: 99%

“…In addition, the edge device user does not want a single application to consume too much power. The authors in [218] detect the adversarial samples via pruning models. The framework is mainly tested with four pruning methods, i.e., random channel pruning, 𝐿 1 norm pruning, lottery ticket hypothesis pruning, and subnetwork extraction.…”

Section: Privacy and Securitymentioning

confidence: 99%

A Full Dive into Realizing the Edge-enabled Metaverse: Visions, Enabling Technologies,and Challenges

Xu¹,

Ng²,

Lim³

et al. 2022

Preprint

View full text Add to dashboard Cite

Dubbed "the successor to the mobile Internet", the concept of the Metaverse has grown in popularity. While there exist lite versions of the Metaverse today, they are still far from realizing the full vision of an immersive, embodied, and interoperable Metaverse. Without addressing the issues of implementation from the communication and networking, as well as computation perspectives, the Metaverse is difficult to succeed the Internet, especially in terms of its accessibility to billions of users today. In this survey, we focus on the edge-enabled Metaverse to realize its ultimate vision. We first provide readers with a succinct tutorial of the Metaverse, an introduction to the architecture, as well as current developments. To enable the ubiquitous, seamless, and embodied access to the Metaverse, we discuss the communication and networking challenges and survey cutting-edge solutions and concepts that leverage next-generation communication systems for users to be telepresent and teleoperate in the Metaverse. Moreover, given the high computation costs required, e.g., to render immersive 3D worlds and run data hungry artificial intelligence (AI) driven applications, we discuss the computation challenges and cloud-edge-end computation framework driven solutions to realize the Metaverse on resource-constrained edge devices. Next, we explore how blockchain technologies can aid in the interoperable development of the Metaverse, not just in terms of empowering the economic circulation of virtual usergenerated contents, but also to manage physical edge resources in a decentralized, transparent, and tamper-proof manner. Finally, we discuss the future research directions towards realizing the true vision of the edge-enabled Metaverse.

show abstract

Uncertainty quantification in scientific machine learning: Methods, metrics, and comparisons

Psaros

Meng

Zou

et al. 2023

Journal of Computational Physics

111

View full text Add to dashboard Cite

You Can’t Fool All the Models: Detect Adversarial Samples via Pruning Models

Cited by 4 publications

References 25 publications

Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems

Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems

A Full Dive into Realizing the Edge-enabled Metaverse: Visions, Enabling Technologies,and Challenges

Uncertainty quantification in scientific machine learning: Methods, metrics, and comparisons

Contact Info

Product

Resources

About