http://dx.doi.org/10.13089/JKIISC.2021.31.6.1215

An Adversarial Attack Type Classification Method Using Linear Discriminant Analysis and k-means Algorithm  

Choi, Seok-Hwan (Pusan National University)
Kim, Hyeong-Geon (Pusan National University)
Choi, Yoon-Ho (Pusan National University)
Abstract
Although Artificial Intelligence (AI) techniques have shown impressive performance in various fields, they are vulnerable to adversarial examples, which induce misclassification by adding human-imperceptible perturbations to the input. Previous studies on defending against adversarial examples fall into three categories: (1) model retraining methods; (2) input transformation methods; and (3) adversarial example detection methods. However, although defense methods against adversarial examples have been proposed continually, no prior research classifies the type of adversarial attack. In this paper, we propose an adversarial attack family classification method based on dimensionality reduction and clustering. Specifically, after extracting the adversarial perturbation from an adversarial example, we apply Linear Discriminant Analysis (LDA) to reduce the dimensionality of the perturbation and then apply the k-means algorithm to classify the adversarial attack family. From experimental results on the MNIST and CIFAR-10 datasets, we show that the proposed method can efficiently classify five types of adversarial attack (FGSM, BIM, PGD, DeepFool, C&W). We also show that the proposed method provides good classification performance even when the legitimate input corresponding to the adversarial example is unknown.
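The three-step pipeline the abstract describes (perturbation extraction, LDA dimensionality reduction, k-means clustering into attack families), as an added illustration that is not the paper's code: the three "families" below are synthetic perturbation distributions constructed around a shared gradient-like direction, not real FGSM/BIM/L2 attacks, and their statistics are assumptions made so the example runs offline.

```python
import numpy as np

# Constructed example (not the paper's code): three synthetic attack families whose
# perturbations share a base direction g but differ in shape and magnitude.
FAMILIES = ["fgsm-like", "bim-like", "l2-like"]

def make_perturbations(family, n, g, rng):
    # Per-family statistics are assumptions standing in for real attack outputs.
    noise = rng.standard_normal((n, g.size))
    scale = {"fgsm-like": 0.30, "bim-like": 0.15}      # saturated sign-step families
    if family in scale:
        return scale[family] * np.sign(g + 0.3 * noise)
    return 0.08 * (g + 0.3 * noise)                      # small, non-saturated step

def lda_fit(X, y, n_components):
    # Fisher LDA: directions maximising between-class over within-class scatter.
    d, mu = X.shape[1], X.mean(axis=0)
    Sw, Sb = np.zeros((d, d)), np.zeros((d, d))
    for c in np.unique(y):
        Xc = X[y == c]
        mc = Xc.mean(axis=0)
        Sw += (Xc - mc).T @ (Xc - mc)
        diff = (mc - mu)[:, None]
        Sb += len(Xc) * diff @ diff.T
    Sw += 1e-6 * np.eye(d)                               # regularise for stability
    evals, evecs = np.linalg.eig(np.linalg.solve(Sw, Sb))
    top = np.argsort(evals.real)[::-1][:n_components]
    return evecs[:, top].real                            # projection matrix W

def kmeans(Z, k, iters=100):
    # Lloyd's k-means with deterministic farthest-first seeding (no random init).
    centers = [Z[0]]
    for _ in range(1, k):
        centers.append(Z[np.argmax(np.min([((Z - c) ** 2).sum(1) for c in centers], axis=0))])
    centers = np.array(centers)
    for _ in range(iters):
        labels = np.argmin(((Z[:, None, :] - centers[None]) ** 2).sum(-1), axis=1)
        new = np.array([Z[labels == j].mean(0) if np.any(labels == j) else centers[j] for j in range(k)])
        if np.allclose(new, centers): break
        centers = new
    return labels

def cluster_purity(labels, y):
    # Fraction of samples whose cluster's majority family equals their true family.
    return sum(np.bincount(y[labels == j]).max() for j in np.unique(labels)) / len(y)

def run_demo(n_per_family=150, dim=64, seed=0):
    rng = np.random.default_rng(seed)
    g = rng.standard_normal(dim)
    x = rng.uniform(0.3, 0.7, (n_per_family * len(FAMILIES), dim))   # constructed clean inputs
    delta = np.vstack([make_perturbations(f, n_per_family, g, rng) for f in FAMILIES])
    y = np.repeat(np.arange(len(FAMILIES)), n_per_family)
    extracted = np.clip(x + delta, 0.0, 1.0) - x       # step 1: perturbation = x_adv - x
    W = lda_fit(extracted, y, n_components=len(FAMILIES) - 1)   # step 2: LDA to 2 dims
    labels = kmeans(extracted @ W, k=len(FAMILIES))             # step 3: k-means clustering
    return {"purity": cluster_purity(labels, y), "n_components": W.shape[1]}
```

LDA is supervised (it needs family labels for a training set), so the clusters found by k-means are compared to the known labels via purity; the paper's harder setting, where the clean input is unknown, would replace step 1 with an estimate of the perturbation.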
Keywords
Deep Learning; Adversarial example; Adversarial attack; Clustering;