Kartikeya Khullar, Sarthak Kathuria, Nishant Chahar, Prince Gupta, Preeti Kaur
Title: A Quantitative Comparison of Image Classification Models under Adversarial Attacks and Defenses
Authors: Kartikeya Khullar, Sarthak Kathuria, Nishant Chahar, Prince Gupta, Preeti Kaur
DOI: 10.1109/SPIN52536.2021.9565948 (https://doi.org/10.1109/SPIN52536.2021.9565948)
Venue: 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN)
Publication date: 2021-08-26
Citations: 0
Abstract
In this paper, we present a comparison of the performance of two state-of-the-art model architectures under adversarial attacks, i.e. attacks designed to trick trained machine learning models. The models compared in this paper perform commendably on the popular image classification dataset CIFAR-10. To generate the adversarial examples for the attack, we use two strategies: the first is a very popular attack based on the L∞ metric, and the second is a relatively new technique that covers a fundamentally different type of adversarial example, generated using the Wasserstein distance. We also apply two adversarial defenses, preprocessing of the input and adversarial training. The comparative results show that even these new state-of-the-art models are susceptible to adversarial attacks. We also conclude that more studies on adversarial defenses are required and that current defense techniques must be adopted in real-world applications.