Published on Thu Sep 19 2019

Propagated Perturbation of Adversarial Attack for well-known CNNs: Empirical Study and its Explanation

Jihyeun Yoon, Kyungyul Kim, Jongseong Jang

Deep Neural Network based classifiers are known to be vulnerable to input perturbations constructed by adversarial attacks. Most studies have focused on how to craft adversarial noise with gradient-based attack methods or how to defend models against adversarial attacks.

Abstract

Deep Neural Network based classifiers are known to be vulnerable to input perturbations constructed by adversarial attacks to force misclassification. Most studies have focused on how to craft adversarial noise with gradient-based attack methods or how to defend models against adversarial attacks. The use of a denoiser model is one well-known way to reduce adversarial noise, although it has not significantly improved classification performance. In this study, we aim to analyze the propagation of adversarial perturbations from an explainable AI (XAI) point of view. Specifically, we examine how adversarial perturbations evolve through CNN architectures. To analyze the propagated perturbation, we measured the normalized Euclidean distance and the cosine distance at each CNN layer between the feature map of the perturbed image passed through a denoiser and that of the non-perturbed original image. We used five well-known CNN-based classifiers and three gradient-based adversarial attacks. From the experimental results, we observed that in most cases the Euclidean distance increases explosively in the final fully connected layer, while the cosine distance fluctuates and vanishes at the last layer. This means that the denoiser can decrease the amount of noise; however, it fails to prevent accuracy degradation.
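To make the measurement concrete, the following is a minimal sketch (not the authors' released code) of how such per-layer distances could be computed in PyTorch. The names `model`, `x_clean`, and `x_denoised` are hypothetical placeholders, and normalizing the Euclidean distance by the magnitude of the clean feature map is an assumption about the paper's "normalized" distance.

```python
# Minimal sketch, assuming a PyTorch CNN; not the authors' implementation.
import torch
import torch.nn.functional as F

def collect_features(model, x):
    """Run one forward pass and record the flattened output of every leaf module."""
    feats, handles = [], []

    def hook(_module, _inp, out):
        if torch.is_tensor(out):
            feats.append(out.detach().flatten(start_dim=1))

    for m in model.modules():
        if not list(m.children()):                 # leaf modules only
            handles.append(m.register_forward_hook(hook))
    with torch.no_grad():
        model(x)
    for h in handles:
        h.remove()
    return feats

def layer_distances(model, x_clean, x_denoised):
    """Per-layer (normalized Euclidean, cosine) distances, averaged over the batch."""
    results = []
    for fc, fd in zip(collect_features(model, x_clean),
                      collect_features(model, x_denoised)):
        # Euclidean distance normalized by the clean feature norm (assumed convention).
        l2 = torch.norm(fd - fc, dim=1) / (torch.norm(fc, dim=1) + 1e-12)
        # Cosine distance = 1 - cosine similarity.
        cos = 1.0 - F.cosine_similarity(fd, fc, dim=1)
        results.append((l2.mean().item(), cos.mean().item()))
    return results
```

Plotting these two sequences layer by layer would reproduce the kind of trend the abstract describes: Euclidean distance growing sharply at the final fully connected layer while cosine distance fluctuates and vanishes.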

Thu Oct 03 2019
Machine Learning
Perturbations are not Enough: Generating Adversarial Examples with Spatial Distortions
Deep neural network image classifiers are reported to be susceptible to adversarial evasion attacks. The proposed approach can produce visually more realistic attacks with smaller perturbations.
Tue May 23 2017
Machine Learning
Detecting Adversarial Image Examples in Deep Networks with Adaptive Noise Reduction
Many studies have demonstrated that deep neural network (DNN) classifiers can be fooled by adversarial examples, which are crafted by introducing small perturbations into an original sample. We consider the perturbation to images as a kind of noise and introduce two classic image processing
Mon Feb 19 2018
Artificial Intelligence
Divide, Denoise, and Defend against Adversarial Attacks
Deep neural networks are known to be unstable to adversarial attacks. To defend against such attacks, we propose dividing the input image into multiple patches. We then denoise each patch independently and reconstruct the image. This proposed defense mechanism is non-differentiable.
Fri Apr 12 2019
Computer Vision
Cycle-Consistent Adversarial GAN: the integration of adversarial attack and defense
Cycle-Consistent Adversarial GAN (CycleAdvGAN) can generate adversarial examples. CycleAdvGAN can generate perturbations efficiently for any instance. It achieves an improved attack effect while being trained only on a dataset generated by any kind of adversarial attack.
Tue Dec 10 2019
Machine Learning
Feature Losses for Adversarial Robustness
Deep learning models are vulnerable to specifically crafted adversarial inputs. We employ an input processing technique based on denoising autoencoders. This technique achieves close to state-of-the-art results on defending MNIST and CIFAR10 datasets.
Fri Nov 15 2019
Machine Learning
Simple iterative method for generating targeted universal adversarial perturbations
Deep neural networks (DNNs) are vulnerable to adversarial attacks. A single perturbation known as the universal adversarial perturbation (UAP) can foil most classification tasks conducted by DNNs. We propose a simple iterative method to generate UAPs for targeted