Towards robust classification detection for adversarial examples

Huangxiaolie Liu, Dong Zhang, Hui-Bing Chen
DOI: 10.23919/ICITST51030.2020.9351309 (https://doi.org/10.23919/ICITST51030.2020.9351309)
Venue: 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST)
Published: 2020-12-08
Citations: 1

Abstract

In the field of computer vision, machine learning (ML) models are widely used in many tasks to achieve better performance. ML models, however, do a poor job of identifying malicious inputs such as adversarial examples, and abuse of adversarial examples can create security threats in ML-based products or applications. By the definition of adversarial examples, the feature distribution of adversarial examples differs from that of normal examples. In addition, the classification results of adversarial examples are sensitive to additive perturbation, while those of normal examples are robust. This provides a theoretical basis for detecting adversarial examples from their own distribution. In this paper, we summarize several adversarial attack methods and defense methods, and propose a detection method based on the robustness of the classification result. The method performs relatively well against gradient-based adversarial attacks and does not rely on the structure or other internal information of the ML model, so the model's structure need not be modified, which is of practical engineering significance.
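The abstract describes the detector only in outline: query the model on an input and on noisy copies of it, and treat an input whose label flips easily as adversarial. The following is an added example, not the paper's code, that implements that black-box check in Python. The toy two-dimensional linear model, the FGSM-style step used to manufacture the adversarial input, the sample points, the noise scale sigma, the sample count and the flip-rate threshold are all assumptions chosen for illustration; the detector itself touches the model only through predict(), which is the property the abstract emphasizes.

```python
# Added example, not code from the paper: a black-box detector that scores an
# input by how often its predicted label flips under small random additive
# noise (adversarial inputs flip, normal inputs hold). The toy linear model,
# the sample points, the noise scale sigma and the flip-rate threshold are
# assumptions chosen for illustration.
import math
import random
from typing import Callable, List, Sequence

Vector = Sequence[float]
Predictor = Callable[[Vector], int]

# Constructed victim model: a 2-D linear classifier, label = [w.x + b > 0].
W = [1.0, -1.0]
B = 0.0


def toy_predict(x: Vector) -> int:
    """The detector only ever calls this; it never reads W or B."""
    score = sum(wi * xi for wi, xi in zip(W, x)) + B
    return 1 if score > 0 else 0


def fgsm_linear(x: Vector, eps: float) -> List[float]:
    """FGSM-style step used only to *build* a test input (white-box, uses W).

    For a linear model the loss gradient w.r.t. x is +-w, so the attack moves
    each coordinate by eps in the direction that lowers the current class's
    score. With eps just large enough to cross the boundary the result sits
    right next to it, which is exactly what the detector exploits.
    """
    y = toy_predict(x)
    toward_other = -1.0 if y == 1 else 1.0
    return [xi + eps * toward_other * math.copysign(1.0, wi)
            for xi, wi in zip(x, W)]


def robustness_score(predict: Predictor, x: Vector, sigma: float,
                     n_samples: int, rng: random.Random) -> float:
    """Fraction of noisy copies x + N(0, sigma^2 I) whose label differs from
    predict(x). Near 0 means the prediction is stable (normal example);
    a large value means the point sits on a decision boundary."""
    base = predict(x)
    flips = 0
    for _ in range(n_samples):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]
        if predict(noisy) != base:
            flips += 1
    return flips / n_samples


def is_adversarial(predict: Predictor, x: Vector, sigma: float = 0.1,
                   n_samples: int = 200, threshold: float = 0.2,
                   seed: int = 0) -> bool:
    """Flag x if its label flips more often than `threshold` under noise."""
    rng = random.Random(seed)  # fixed seed so the check is reproducible
    return robustness_score(predict, x, sigma, n_samples, rng) > threshold


def calibrate_threshold(predict: Predictor, clean_points: Sequence[Vector],
                        sigma: float = 0.1, n_samples: int = 200,
                        margin: float = 0.1, seed: int = 0) -> float:
    """Pick the threshold from a held-out clean set: the largest flip rate
    seen on normal inputs plus a safety margin, so the false-positive rate
    is tied to real data rather than to a magic number."""
    rng = random.Random(seed)
    worst = max(robustness_score(predict, p, sigma, n_samples, rng)
                for p in clean_points)
    return min(1.0, worst + margin)


# Constructed sample inputs.
CLEAN_POINT = [0.3, 0.0]                       # score +0.3, comfortably class 1
ADV_POINT = fgsm_linear(CLEAN_POINT, 0.16)     # score -0.02, barely class 0
FAR_ADV_POINT = fgsm_linear(CLEAN_POINT, 0.5)  # score -0.7, deep inside class 0

if __name__ == "__main__":
    rng = random.Random(0)
    for name, p in [("clean", CLEAN_POINT), ("adversarial", ADV_POINT),
                    ("far adversarial", FAR_ADV_POINT)]:
        rate = robustness_score(toy_predict, p, 0.1, 200, rng)
        print(f"{name:16s} label={toy_predict(p)} flip_rate={rate:.2f} "
              f"flagged={is_adversarial(toy_predict, p)}")
```

Running the script shows the clean point flipping a few percent of the time, the minimal-perturbation adversarial point flipping close to half the time, and the "far" adversarial point (a larger eps that pushes well past the boundary) not flipping at all. That last case is the caveat a practitioner should keep in mind: the check catches attacks that stop as soon as the label changes, which is how the gradient-based attacks the abstract mentions typically behave, but an attacker who accepts a larger, more visible perturbation, or who adds the detector to the attack objective, can land inside a stable region and pass. Calibrating the threshold on clean data, as calibrate_threshold does, keeps false positives bounded but does not close that gap.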