http://dx.doi.org/10.3837/tiis.2019.08.027

Adversarial Detection with Gaussian Process Regression-based Detector  

Lee, Sangheon (College of Information and Communication Engineering, Sungkyunkwan University)
Kim, Noo-ri (College of Information and Communication Engineering, Sungkyunkwan University)
Cho, Youngwha (College of Information and Communication Engineering, Sungkyunkwan University)
Choi, Jae-Young (College of Information and Communication Engineering, Sungkyunkwan University)
Kim, Suntae (Department of Software Engineering, Chonbuk National University)
Kim, Jeong-Ah (Department of Computer Education, Catholic Kwandong University)
Lee, Jee-Hyong (College of Information and Communication Engineering, Sungkyunkwan University)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.8, 2019, pp. 4285-4299
Abstract
An adversarial attack causes a classification model to malfunction by adding noise that humans cannot distinguish, which poses a threat to deep learning models. In this paper, we propose an efficient method to detect adversarial images using Gaussian process regression. Existing deep learning-based adversarial detection methods require numerous adversarial images for their training. The proposed method overcomes this problem by performing classification based on the statistical features of adversarial and clean images, which are extracted by Gaussian process regression from a small number of images. The technique determines whether an input image is adversarial by applying Gaussian process regression to the intermediate output values of the classification model. Experimental results show that the proposed method achieves higher detection performance than other deep learning-based adversarial detection methods against powerful attacks. In particular, the Gaussian process regression-based detector outperforms the baseline models for most attacks when fewer adversarial examples are available.
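As an added illustration (not the paper's code or data), the detector idea sketched in the abstract: Gaussian process regression fitted on a handful of intermediate-layer activations labelled clean (0) or adversarial (1), with the posterior mean thresholded for the verdict and the posterior variance exposed as an uncertainty signal for inputs unlike anything seen during fitting. The activation vectors, their dimension and shift, the kernel length scale, the noise term and the threshold are all constructed assumptions, not values from the paper.

```python
import numpy as np

def rbf_kernel(a, b, length_scale):
    """Squared-exponential kernel between the rows of a and the rows of b."""
    sq = np.sum(a**2, 1)[:, None] + np.sum(b**2, 1)[None, :] - 2.0 * a @ b.T
    return np.exp(-0.5 * np.maximum(sq, 0.0) / length_scale**2)

class GPRDetector:
    """GP regression over a classifier's intermediate-layer activations.
    Targets are 0 (clean) and 1 (adversarial); an input is flagged when the
    posterior mean exceeds `threshold`. The posterior variance grows as the
    activation moves away from the few training points (low-confidence verdict)."""
    def __init__(self, length_scale=1.5, noise=1e-2, threshold=0.5):
        self.length_scale, self.noise, self.threshold = length_scale, noise, threshold

    def fit(self, X, y):
        self.X = X
        K = rbf_kernel(X, X, self.length_scale) + self.noise * np.eye(len(X))
        self.L = np.linalg.cholesky(K)  # K = L L^T; noise term keeps K positive definite
        self.alpha = np.linalg.solve(self.L.T, np.linalg.solve(self.L, y))
        return self

    def predict(self, Xs):
        """Posterior mean and variance of the GP at each row of Xs."""
        Ks = rbf_kernel(self.X, Xs, self.length_scale)
        v = np.linalg.solve(self.L, Ks)
        return Ks.T @ self.alpha, 1.0 - np.sum(v**2, axis=0)  # k(x, x) = 1 for RBF

    def is_adversarial(self, Xs):
        return self.predict(Xs)[0] > self.threshold

def constructed_activations(rng, n, dim, shift):
    """Constructed stand-in for a hidden layer's output (not real model data):
    clean activations sit around the origin, adversarial ones are shifted on axis 0."""
    a = rng.normal(0.0, 0.3, (n, dim))
    a[:, 0] += shift
    return a

def demo(n_train=20, n_test=50, dim=8):
    rng = np.random.default_rng(0)
    X = np.vstack([constructed_activations(rng, n_train, dim, 0.0),
                   constructed_activations(rng, n_train, dim, 2.0)])
    y = np.r_[np.zeros(n_train), np.ones(n_train)]
    det = GPRDetector().fit(X, y)  # fitted on only 20 adversarial samples
    clean, adv = (constructed_activations(rng, n_test, dim, s) for s in (0.0, 2.0))
    acc = (np.sum(~det.is_adversarial(clean)) + np.sum(det.is_adversarial(adv))) / (2 * n_test)
    near_var = det.predict(clean[:1])[1][0]
    far_var = det.predict(np.full((1, dim), 10.0))[1][0]  # unlike anything seen in fitting
    return acc, near_var, far_var
```

In a real deployment the activation vectors would come from a chosen intermediate layer of the protected classifier; the far-away case shows why the posterior variance, not only the mean, belongs in the decision.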
Keywords
Adversarial Attack; Adversarial Defense; Adversarial Detection; Gaussian Process Regression; Image Classification;