A Data Augmentation-based Defense Method Against Adversarial Attacks in
Neural Networks
- URL: http://arxiv.org/abs/2007.15290v1
- Date: Thu, 30 Jul 2020 08:06:53 GMT
- Title: A Data Augmentation-based Defense Method Against Adversarial Attacks in
Neural Networks
- Authors: Yi Zeng, Han Qiu, Gerard Memmi, Meikang Qiu
- Abstract summary: We develop a lightweight defense method that can efficiently invalidate full white-box adversarial attacks while remaining compatible with real-life constraints.
Our model can withstand an advanced adaptive attack, namely BPDA with 50 rounds, and still helps the target model maintain an accuracy of around 80% while constraining the attack success rate to almost zero.
- Score: 7.943024117353317
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep Neural Networks (DNNs) in Computer Vision (CV) are well-known to be
vulnerable to Adversarial Examples (AEs), namely imperceptible perturbations
added maliciously to cause wrong classification results. Such vulnerability
poses a potential risk for real-life systems equipped with DNNs as core
components. Numerous efforts have been put into research on how to protect DNN
models from being fooled by AEs. However, no previous work can efficiently
reduce the effects caused by novel adversarial attacks and be compatible with
real-life constraints at the same time. In this paper, we focus on developing a
lightweight defense method that can efficiently invalidate full white-box
adversarial attacks while remaining compatible with real-life constraints. Starting
from basic affine transformations, we integrate three transformations with
randomized coefficients that are fine-tuned with respect to the amount of change
applied to the defended sample. Compared to four state-of-the-art defense methods
published in top-tier AI conferences in the past two years, our method
demonstrates outstanding robustness and efficiency. It is worth highlighting
that our model can withstand an advanced adaptive attack, namely BPDA with 50
rounds, and still helps the target model maintain an accuracy of around 80%
while constraining the attack success rate to almost zero.
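As a rough illustration of the idea described in the abstract, the sketch below applies three affine transformations with coefficients resampled on every call. Rotation, translation, and scaling, along with the coefficient ranges, are assumptions made here for illustration; the paper's actual transformations and fine-tuned ranges may differ.
```python
# Minimal sketch of a randomized affine preprocessing defense (illustrative only).
# The choice of rotation/translation/scaling and the coefficient ranges below are
# assumptions; the paper's exact transformations and tuned ranges may differ.
import random
import torch
import torchvision.transforms.functional as TF
from torchvision.transforms import InterpolationMode

def randomized_affine_defense(image: torch.Tensor,
                              max_rotation: float = 10.0,   # degrees, assumed range
                              max_translate: int = 4,       # pixels, assumed range
                              scale_range=(0.95, 1.05)) -> torch.Tensor:
    """Apply three affine transformations with randomized coefficients to an
    input image of shape (C, H, W) before it reaches the defended classifier."""
    angle = random.uniform(-max_rotation, max_rotation)
    translate = [random.randint(-max_translate, max_translate),
                 random.randint(-max_translate, max_translate)]
    scale = random.uniform(*scale_range)
    return TF.affine(image, angle=angle, translate=translate, scale=scale,
                     shear=0.0, interpolation=InterpolationMode.BILINEAR)

# Usage: classify the transformed input, e.g.
#   logits = model(randomized_affine_defense(x).unsqueeze(0))
# Because the coefficients are resampled on every forward pass, a white-box
# attacker (e.g., BPDA) cannot target a single fixed preprocessing function.
```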
Related papers
- Constrained Adaptive Attack: Effective Adversarial Attack Against Deep Neural Networks for Tabular Data [12.641656743760874]
We propose a gradient attack that overcomes the failures of existing gradient attacks with adaptive mechanisms.
We also design CAA, an efficient evasion attack that combines our CAPGD attack and MOEVA, the best search-based attack.
Our empirical study demonstrates that CAA outperforms all existing attacks in 17 of the 20 settings.
arXiv Detail & Related papers (2024-06-02T15:26:52Z) - Improving the Robustness of Object Detection and Classification AI models against Adversarial Patch Attacks [2.963101656293054]
We analyze attack techniques and propose a robust defense approach.
We successfully reduce model confidence by over 20% using adversarial patch attacks that exploit object shape, texture and position.
Our inpainting defense approach significantly enhances model resilience, achieving high accuracy and reliable localization despite the adversarial attacks.
arXiv Detail & Related papers (2024-03-04T13:32:48Z) - Avoid Adversarial Adaption in Federated Learning by Multi-Metric
Investigations [55.2480439325792]
Federated Learning (FL) facilitates decentralized machine learning model training, preserving data privacy, lowering communication costs, and boosting model performance through diversified data sources.
FL faces vulnerabilities such as poisoning attacks, which undermine model integrity through both untargeted performance degradation and targeted backdoor attacks.
We define a new notion of strong adaptive adversaries, capable of adapting to multiple objectives simultaneously.
MESAS is the first defense robust against strong adaptive adversaries, effective in real-world data scenarios, with an average overhead of just 24.37 seconds.
arXiv Detail & Related papers (2023-06-06T11:44:42Z) - Practical No-box Adversarial Attacks with Training-free Hybrid Image
Transformation [123.33816363589506]
We show the existence of a training-free adversarial perturbation under the no-box threat model.
Motivated by our observation that the high-frequency component (HFC) dominates in low-level features, we attack an image mainly by manipulating its frequency components.
Our method is even competitive to mainstream transfer-based black-box attacks.
arXiv Detail & Related papers (2022-03-09T09:51:00Z) - Interpolated Joint Space Adversarial Training for Robust and
Generalizable Defenses [82.3052187788609]
Adversarial training (AT) is considered to be one of the most reliable defenses against adversarial attacks.
Recent works show generalization improvement with adversarial samples under novel threat models.
We propose a novel threat model called the Joint Space Threat Model (JSTM).
Under JSTM, we develop novel adversarial attacks and defenses.
arXiv Detail & Related papers (2021-12-12T21:08:14Z) - Adaptive Feature Alignment for Adversarial Training [56.17654691470554]
CNNs are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications.
We propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths.
Our method is trained to automatically align features of arbitrary attacking strength.
arXiv Detail & Related papers (2021-05-31T17:01:05Z) - Combating Adversaries with Anti-Adversaries [118.70141983415445]
In particular, our layer generates an input perturbation in the opposite direction of the adversarial one.
We verify the effectiveness of our approach by combining our layer with both nominally and robustly trained models.
Our anti-adversary layer significantly enhances model robustness while coming at no cost on clean accuracy.
arXiv Detail & Related papers (2021-03-26T09:36:59Z) - Mitigating the Impact of Adversarial Attacks in Very Deep Networks [10.555822166916705]
Deep Neural Network (DNN) models have vulnerabilities related to security concerns.
Data poisoning-enabled perturbation attacks are complex adversarial attacks that inject false data into models.
We propose an attack-agnostic-based defense method for mitigating their influence.
arXiv Detail & Related papers (2020-12-08T21:25:44Z) - A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN)-based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.
arXiv Detail & Related papers (2020-06-08T20:42:39Z)