Empirical Evaluation on Robustness of Deep Convolutional Neural Networks Activation Functions Against Adversarial Perturbation

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW) Pub Date : 2018-11-01 DOI:10.1109/CANDARW.2018.00049

Jiawei Su, Danilo Vasconcellos Vargas, K. Sakurai

{"title":"Empirical Evaluation on Robustness of Deep Convolutional Neural Networks Activation Functions Against Adversarial Perturbation","authors":"Jiawei Su, Danilo Vasconcellos Vargas, K. Sakurai","doi":"10.1109/CANDARW.2018.00049","DOIUrl":null,"url":null,"abstract":"Recent research has shown that deep convolutional neural networks (DCNN) are vulnerable to several different types of attacks while the reasons of such vulnerability are still under investigation. For instance, the adversarial perturbations can conduct a slight change on a natural image to make the target DCNN make the wrong recognition, while the reasons that DCNN is sensitive to such small modification are divergent from one research to another. In this paper, we evaluate the robustness of two commonly used activation functions of DCNN, namely the sigmoid and ReLu, against the recently proposed low-dimensional one-pixel attack. We show that the choosing of activation functions can be an important factor that influences the robustness of DCNN. The results show that comparing with sigmoid, the ReLu non-linearity is more vulnerable which allows the low dimensional one-pixel attack exploit much higher success rate and confidence of launching the attack. The results give insights on designing new activation functions to enhance the security of DCNN.","PeriodicalId":329439,"journal":{"name":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CANDARW.2018.00049","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Recent research has shown that deep convolutional neural networks (DCNN) are vulnerable to several different types of attacks while the reasons of such vulnerability are still under investigation. For instance, the adversarial perturbations can conduct a slight change on a natural image to make the target DCNN make the wrong recognition, while the reasons that DCNN is sensitive to such small modification are divergent from one research to another. In this paper, we evaluate the robustness of two commonly used activation functions of DCNN, namely the sigmoid and ReLu, against the recently proposed low-dimensional one-pixel attack. We show that the choosing of activation functions can be an important factor that influences the robustness of DCNN. The results show that comparing with sigmoid, the ReLu non-linearity is more vulnerable which allows the low dimensional one-pixel attack exploit much higher success rate and confidence of launching the attack. The results give insights on designing new activation functions to enhance the security of DCNN.

查看原文本刊更多论文

深度卷积神经网络激活函数对对抗性扰动鲁棒性的经验评价

最近的研究表明，深度卷积神经网络(DCNN)容易受到几种不同类型的攻击，而这种脆弱性的原因仍在调查中。例如，对抗性扰动可以对自然图像进行微小的改变，使目标DCNN做出错误的识别，而DCNN对这种微小的改变敏感的原因在不同的研究中是不同的。在本文中，我们评估了两种常用的DCNN激活函数(即sigmoid和ReLu)对最近提出的低维单像素攻击的鲁棒性。结果表明，激活函数的选择是影响DCNN鲁棒性的重要因素。结果表明，与s型线相比，ReLu非线性更容易受到攻击，使得低维单像素攻击具有更高的成功率和置信度。研究结果为设计新的激活函数以提高DCNN的安全性提供了参考。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 Sixth International Symposium on Computing and Networking Workshops (CANDARW)

自引率

0.00%

发文量