SIT: Stochastic Input Transformation to Defend Against Adversarial Attacks on Deep Neural Networks

Open archive: Journal article

Guesmi, Amira | Alouani, Ihsen | Baklouti, Mouna | Frikha, Tarek | Abid, Mohamed

Published by HAL CCSD; IEEE

International audience. Deep Neural Networks (DNNs) have been deployed in a wide range of applications, including safety-critical domains, owing to their proven efficiency in solving complex problems. However, these systems have been shown to be vulnerable to adversarial attacks: carefully crafted perturbations that threaten their integrity and trustworthiness. Several defenses have recently been proposed. However, most of these techniques are costly to deploy since they require retraining and specific fine-tuning procedures. While there are pre-processing defenses that do not require retraining, these were shown to be ineffective against adaptive white-box attacks. In this paper, we propose a model-agnostic defense against adversarial attacks using stochastic pre-processing. Based on a down-sampling/up-sampling process, we transform the input into a new sample that is: (i) close enough to the initial input to be classified correctly, and (ii) different enough to discard any potential adversarial noise within it. The proposed defense is generic, easy to deploy and does not require any specific training or fine-tuning. We tested our technique in comparison with state-of-the-art defenses under grey-box and strong white-box scenarios. Experimental results show that our defense achieves robustness of up to 94% and 93% against PGD and C&W attacks, respectively, under a strong white-box scenario.

Suggestions

By the same author

Defensive approximation: securing CNNs using approximate computing | Guesmi, Amira

Open archive: Conference paper

Guesmi, Amira | 2021-04-19

International audience. In the past few years, an increasing number of machine-learning and deep learning structures, such as Convolutional Neural Networks (CNNs), have been applied to solving a wide range of real-l...

Towards an Agile Design Methodology for Efficient, Reliable, and Secure ML Systems. Special Session | Dave, Shail

Open archive: Conference paper

Dave, Shail | 2022-04-25

International audience. The real-world use cases of Machine Learning (ML) have exploded over the past few years. However, the current computing infrastructure is insufficient to support all real-world applications a...

ROOM: Adversarial Machine Learning Attacks Under Real-Time Constraints | Guesmi, Amira

Open archive: Conference paper

Guesmi, Amira | 2022-07-18

International audience. Advances in deep learning have enabled a wide range of promising applications. However, these systems are vulnerable to adversarial attacks; adversarially crafted perturbations to their inpu...

On the same subject

Ingénierie et évaluation des compétences / Guy Le Boterf | Le Boterf, Guy (19..-....). Author

Book | Le Boterf, Guy (19..-....). Author | 2010 - 6th edition

Everything you want to know about competency engineering and assessment, with a set of worksheets on: the definition of competencies and professionalism; the construction of professionalization pathways; the co...

Faire la paix : la part des institutions internationales / sous la direction de Guillaume Devin

Book | 2009 - [New edition, entirely revised and updated]

EME-Net: A U-net-based Indoor EMF Exposure Map Reconstruction Method | Mallik, Mohammed

Open archive: Conference paper

Mallik, Mohammed | 2022-03-27

International audience. In wireless communication systems, in order to respond to the perception of risks related to electromagnetic field exposure and allocate radio resources, the estimation of the received power ...

Lower Voltage for Higher Security: Using Voltage Overscaling to Secure Deep Neural Networks | Islam, Shohidul

Open archive: Conference paper

Islam, Shohidul | 2021-11-01

International audience. Deep neural networks (DNNs) are shown to be vulnerable to adversarial attacks: carefully crafted additive noise that undermines DNNs' integrity. Previously proposed defenses against these att...

10. Incremental learning of convolutional neural networks in bioinformatics | Mousser, Wafa

Open archive: Undefined document type

Mousser, Wafa | 2022

International audience. In recent years, convolutional neural networks (CNNs) have been widely used in various computer visual recognition tasks and then extensively applied for medical images, particularly for comp...

9. Incremental deep learning model for plant leaf diseases detection | Ouadfel, Salima

Open archive: Undefined document type

Ouadfel, Salima | 2022-09-30

International audience. In recent years, deep learning has revolutionized machine learning and has been used with great success in various engineering fields, such as transportation, agriculture, finance, and market...