http://dx.doi.org/10.13089/JKIISC.2022.32.5.975

Adversarial Example Detection Based on Symbolic Representation of Image  

Park, Sohee (Soongsil University)
Kim, Seungjoo (Soongsil University)
Yoon, Hayeon (Soongsil University)
Choi, Daeseon (Soongsil University)
Abstract
Deep learning is attracting great attention for its excellent performance in image processing, but it is vulnerable to adversarial attacks that cause a model to misclassify by perturbing the input data. Adversarial examples generated by such attacks are perturbed so minimally that the change is difficult to identify, so the visual features of the images are generally unchanged. Unlike deep learning models, people are not fooled by adversarial examples, because they classify images based on these visual features. This paper proposes an adversarial attack detection method using Symbolic Representation, that is, the visual and symbolic features of an image such as color and shape. We detect adversarial examples by comparing the Symbolic Representation converted from the classification result for the input image with the Symbolic Representation extracted from the input image. When performance was measured on adversarial examples produced by various attack methods, detection rates differed depending on the attack target and method, but reached up to 99.02% for a specific target attack.
Keywords
Image Classification; Adversarial Example; Symbolic Representation;
Citations & Related Records
Times Cited By KSCI: 1