ROOM: Adversarial Machine Learning Attacks Under Real-Time Constraints | Guesmi, Amira
/5

0 avis

ROOM: Adversarial Machine Learning Attacks Under Real-Time Constraints

Archive ouverte : Communication dans un congrès

Guesmi, Amira | Khasawneh, Khaled | Abu-Ghazaleh, Nael | Alouani, Ihsen

Edité par HAL CCSD ; IEEE

International audience. Advances in deep-learning have enabled a wide range of promising applications. However, these systems are vulnerable to adversarial attacks; adversarially crafted pertur-bations to their inputs could cause them to misclassify. Most state-of-the-art adversarial attack generation algorithms focus primarily on controlling the noise magnitude to make it undetectable. The execution time is a secondary consideration for these attacks and the underlying assumption is that there are no time constraints. However, just-in-time adversarial attacks where an attacker opportunistically generates adversarial examples on-the-fly represent an even more critical threat, especially against real-time applications. Therefore, this paper introduces a new problem: how to systematically generate adversarial noise under real-time constraints? Understanding this problem improves our understanding of the threat these attacks pose to real-time systems and provides security evaluation benchmarks for future defenses. Therefore, first, we conduct a run-time analysis of adversarial generation algorithms. Our analysis show that universal attacks produce a general attack offline, with no online overhead. However, their success rate is limited because of their generality. In contrast, online algorithms, which target a specific input, are computationally expensive, making them inappropriate under time constraints. Thus, we propose ROOM, a novel Real-time Online-Offline attack construction Model where an offline component warms up the online algorithm, making it possible to generate highly successful attacks under time constraints. Our results show that ROOM can achieve high attack success rates under real-time constraints with up to 90x faster adversarial attack generation than state-of-the-art methods. For example, ROOM achieves 100% adversarial attack success rate on MNIST with a throughput of up to 1250 frame per second (FPS), more than 60% success rate with 200 FPS on CIFAR-10 and 60% with 16 FPS on ImageNet.

Consulter en ligne

Suggestions

Du même auteur

Defensive approximation: securing CNNs using approximate computing | Guesmi, Amira

Defensive approximation: securing CNNs using approximate computing

Archive ouverte: Communication dans un congrès

Guesmi, Amira | 2021-04-19

International audience. In the past few years, an increasing number of machine-learning and deep learning structures, such as Convolutional Neural Networks (CNNs), have been applied to solving a wide range of real-l...

Lower Voltage for Higher Security: Using Voltage Overscaling to Secure Deep Neural Networks | Islam, Shohidul

Lower Voltage for Higher Security: Using Voltage Overscaling to Secure Deep...

Archive ouverte: Communication dans un congrès

Islam, Shohidul | 2021-11-01

International audience. Deep neural networks (DNNs) are shown to be vulnerable to adversarial attacks-- carefully crafted additive noise that undermines DNNs integrity. Previously proposed defenses against these att...

Towards an Agile Design Methodology for Efficient, Reliable, and Secure ML Systems. Special Session | Dave, Shail

Towards an Agile Design Methodology for Efficient, Reliable, and Secure ML ...

Archive ouverte: Communication dans un congrès

Dave, Shail | 2022-04-25

International audience. The real-world use cases of Machine Learning (ML) have exploded over the past few years. However, the current computing infrastructure is insufficient to support all real-world applications a...

Du même sujet

Reading History of Science as a Physics and Mathematics Framework for Newton Geneva Edition (1822) | Pisano, Raffaele

Reading History of Science as a Physics and Mathematics Framework for Newto...

Archive ouverte: Communication dans un congrès

Pisano, Raffaele | 2017-04-19

International audience

On Mechanics and Thermodynamics Analogies in History of Physics-Mathematics and Teaching Science | Pisano, Raffaele

On Mechanics and Thermodynamics Analogies in History of Physics-Mathematics...

Archive ouverte: Communication dans un congrès

Pisano, Raffaele | 2017-05-12

International audience

On the epistemic interplay between physics and mathematics such as a dynamical framework within nos–research teaching science | Pisano, Raffaele

On the epistemic interplay between physics and mathematics such as a dynami...

Archive ouverte: Communication dans un congrès

Pisano, Raffaele | 2017-06-12

International audience

A CMOS Compatible Thermoelectric Device made of Crystalline Silicon Membranes with Nanopores | Bah, Thierno-Moussa

A CMOS Compatible Thermoelectric Device made of Crystalline Silicon Membran...

Archive ouverte: Article de revue

Bah, Thierno-Moussa | 2022-12-10

International audience. Herein, we report the use of nanostructured crystalline silicon as a thermoelectric material and its integration into thermoelectric devices. The proof-of-concept relies on the partial suppre...

Effet de l'angle de charge sur les harmoniques d'efforts magnétiques dans les machines synchrones à aimants permanents surfaciques | Le Besnerais, Jean

Effet de l'angle de charge sur les harmoniques d'efforts magnétiques dans l...

Archive ouverte: Communication dans un congrès

Le Besnerais, Jean | 2016-06-07

International audience. Cet article étudie l'effet de l'angle de charge sur les efforts harmoniques de Maxwell (tangentiels et radiaux) et les bruits et vibrations d'origine magnétique dans deux machines synchrones ...

Further investigation of convolutional neural networks applied in computational electromagnetism under physics‐informed consideration | Gong, Ruohan

Further investigation of convolutional neural networks applied in computati...

Archive ouverte: Article de revue

Gong, Ruohan | 2022-04-07

International audience. Convolutional neural networks (CNN) have shown great potentials and have been proven to be an effective tool for some image-based deep learning tasks in the field of computational electromagn...

Chargement des enrichissements...