信息物理系统中的对抗图像检测

Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems Pub Date : 2020-01-11 DOI:10.1145/3377283.3377285

Kartik Mundra, Rahul Modpur, Arpan Chattopadhyay, I. Kar

{"title":"信息物理系统中的对抗图像检测","authors":"Kartik Mundra, Rahul Modpur, Arpan Chattopadhyay, I. Kar","doi":"10.1145/3377283.3377285","DOIUrl":null,"url":null,"abstract":"In this paper, detection of deception attack on deep neural network (DNN) based image classification in autonomous and cyber-physical systems is considered. Several studies have shown the vulnerability of DNN to malicious deception attack. In such attacks, some or all pixel values of an image are modified by an external attacker, so that the change is almost invisible to human eye but significant enough for a DNN-based classifier to misclassify it. This paper proposes a novel pre-processing technique that facilitates detection of such modified images under any DNN-based image classifier as well as attacker model. The proposed pre-processing algorithm involves a certain combination of principal component analysis (PCA)-based decomposition of the image, and random perturbation based detection to reduce computational complexity. Numerical experiments show that the proposed detection scheme outperforms a competing attack detection algorithm while achieving low false alarm rate and low computational complexity.","PeriodicalId":443854,"journal":{"name":"Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-01-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Adversarial Image Detection in Cyber-Physical Systems\",\"authors\":\"Kartik Mundra, Rahul Modpur, Arpan Chattopadhyay, I. Kar\",\"doi\":\"10.1145/3377283.3377285\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, detection of deception attack on deep neural network (DNN) based image classification in autonomous and cyber-physical systems is considered. Several studies have shown the vulnerability of DNN to malicious deception attack. In such attacks, some or all pixel values of an image are modified by an external attacker, so that the change is almost invisible to human eye but significant enough for a DNN-based classifier to misclassify it. This paper proposes a novel pre-processing technique that facilitates detection of such modified images under any DNN-based image classifier as well as attacker model. The proposed pre-processing algorithm involves a certain combination of principal component analysis (PCA)-based decomposition of the image, and random perturbation based detection to reduce computational complexity. Numerical experiments show that the proposed detection scheme outperforms a competing attack detection algorithm while achieving low false alarm rate and low computational complexity.\",\"PeriodicalId\":443854,\"journal\":{\"name\":\"Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-01-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3377283.3377285\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3377283.3377285","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 8

摘要

研究了基于深度神经网络(DNN)的图像分类在自主系统和网络物理系统中的欺骗攻击检测问题。一些研究表明DNN易受恶意欺骗攻击。在这种攻击中，图像的部分或全部像素值被外部攻击者修改，因此这种变化对人眼来说几乎是不可见的，但对基于dnn的分类器来说却足够重要，可以对其进行错误分类。本文提出了一种新的预处理技术，该技术可以在任何基于dnn的图像分类器和攻击者模型下检测到这种修改的图像。该预处理算法将基于主成分分析(PCA)的图像分解与基于随机摄动的检测相结合，以降低计算复杂度。数值实验表明，该检测方案在实现低虚警率和低计算复杂度的同时，优于同类攻击检测算法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Adversarial Image Detection in Cyber-Physical Systems

In this paper, detection of deception attack on deep neural network (DNN) based image classification in autonomous and cyber-physical systems is considered. Several studies have shown the vulnerability of DNN to malicious deception attack. In such attacks, some or all pixel values of an image are modified by an external attacker, so that the change is almost invisible to human eye but significant enough for a DNN-based classifier to misclassify it. This paper proposes a novel pre-processing technique that facilitates detection of such modified images under any DNN-based image classifier as well as attacker model. The proposed pre-processing algorithm involves a certain combination of principal component analysis (PCA)-based decomposition of the image, and random perturbation based detection to reduce computational complexity. Numerical experiments show that the proposed detection scheme outperforms a competing attack detection algorithm while achieving low false alarm rate and low computational complexity.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 1st ACM Workshop on Autonomous and Intelligent Mobile Systems

自引率

0.00%

发文量