{"title":"A Non-Deterministic Method to Construct Ensemble-Based Classifiers to Protect Decision Support Systems Against Adversarial Images: A Case Study","authors":"G. R. Machado, Eugênio Silva, R. Goldschmidt","doi":"10.1145/3330204.3330282","DOIUrl":null,"url":null,"abstract":"In recent years, Deep Learning has presented impressive performance when solving complex image classification and recognition tasks in decision support systems. Nonetheless, studies have demonstrated that Deep Learning models are susceptible to attacks conducted with adversarial images, i.e. images containing subtle perturbations intended to induce misclassification. The main existing countermeasures against adversarial images have shown inefficiency, permitting attackers to map their internal operation more easily. Therefore, this work aims to evaluate a defense method called MultiMagNet, which randomly incorporates multiple defense components, implemented as autoencoders, at runtime in order to introduce an expanded form of non-deterministic behavior that hinders adversarial evasion. Experiments on the CIFAR-10 dataset showed MultiMagNet was able to detect images generated by different attack algorithms.","PeriodicalId":348938,"journal":{"name":"Proceedings of the XV Brazilian Symposium on Information Systems","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the XV Brazilian Symposium on Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3330204.3330282","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Non-Deterministic Method to Construct Ensemble-Based Classifiers to Protect Decision Support Systems Against Adversarial Images: A Case Study
In recent years, Deep Learning has presented impressive performance when solving complex image classification and recognition tasks in decision support systems. Nonetheless, studies have demonstrated that Deep Learning models are susceptible to attacks conducted with adversarial images, i.e. images containing subtle perturbations intended to induce misclassification. The main existing countermeasures against adversarial images have shown inefficiency, permitting attackers to map their internal operation more easily. Therefore, this work aims to evaluate a defense method called MultiMagNet, which randomly incorporates multiple defense components, implemented as autoencoders, at runtime in order to introduce an expanded form of non-deterministic behavior that hinders adversarial evasion. Experiments on the CIFAR-10 dataset showed MultiMagNet was able to detect images generated by different attack algorithms.