{"title":"Decision Guided Robust DL Classification of Adversarial Images Combining Weaker Defenses","authors":"Shubhajit Datta;Manaar Alam;Arijit Mondal;Debdeep Mukhopadhyay;Partha Pratim Chakrabarti","doi":"10.1109/JETCAS.2024.3497295","DOIUrl":null,"url":null,"abstract":"Adversarial examples make Deep Learning (DL) models vulnerable to safe deployment in practical systems. Although several techniques have been proposed in the literature, defending against adversarial attacks is still challenging. The current work identifies weaknesses of traditional strategies in detecting and classifying adversarial examples. To overcome these limitations, we carefully analyze techniques like binary detector and ensemble method, and compose them in a manner which mitigates the limitations. We also effectively develop a re-attack strategy, a randomization technique called RRP (Random Resizing and Patch-removing), and a rule-based decision method. Our proposed method, BEARR (Binary detector with Ensemble and re-Attacking scheme including Randomization and Rule-based decision technique) detects adversarial examples as well as classifies those examples with a higher accuracy compared to contemporary methods. We evaluate BEARR on standard image classification datasets: CIFAR-10, CIFAR-100, and tiny-imagenet as well as two real-world datasets: plantvillage and chest X-ray in the presence of state-of-the-art adversarial attack techniques. We have also validated BEARR against a more potent attacker who has perfect knowledge of the protection mechanism. We observe that BEARR is significantly better than existing methods in the context of detection and classification accuracy of adversarial examples.","PeriodicalId":48827,"journal":{"name":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","volume":"14 4","pages":"758-772"},"PeriodicalIF":3.7000,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Journal on Emerging and Selected Topics in Circuits and Systems","FirstCategoryId":"5","ListUrlMain":"https://ieeexplore.ieee.org/document/10752684/","RegionNum":2,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
Citations: 0
Abstract
Adversarial examples make Deep Learning (DL) models unsafe to deploy in practical systems. Although several techniques have been proposed in the literature, defending against adversarial attacks is still challenging. The current work identifies weaknesses of traditional strategies in detecting and classifying adversarial examples. To overcome these limitations, we carefully analyze techniques such as the binary detector and the ensemble method, and compose them in a manner that mitigates their limitations. We also develop a re-attack strategy, a randomization technique called RRP (Random Resizing and Patch-removing), and a rule-based decision method. Our proposed method, BEARR (Binary detector with Ensemble and re-Attacking scheme including Randomization and Rule-based decision technique), detects adversarial examples and classifies those examples with higher accuracy than contemporary methods. We evaluate BEARR on standard image classification datasets (CIFAR-10, CIFAR-100, and tiny-imagenet) as well as two real-world datasets (plantvillage and chest X-ray) in the presence of state-of-the-art adversarial attack techniques. We have also validated BEARR against a more potent attacker who has perfect knowledge of the protection mechanism. We observe that BEARR is significantly better than existing methods in both detection and classification accuracy of adversarial examples.
Journal description:
The IEEE Journal on Emerging and Selected Topics in Circuits and Systems is published quarterly and solicits, with particular emphasis on emerging areas, special issues on topics that cover the entire scope of the IEEE Circuits and Systems (CAS) Society, namely the theory, analysis, design, tools, and implementation of circuits and systems, spanning their theoretical foundations, applications, and architectures for signal and information processing.