Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness Against Adversarial Attack

Black-Box Adversarial Attack against Deep Neural Network Classifier Utilizing Quantized Probability Output

Journal of Signal Processing ◽

10.2299/jsp.24.145 ◽

2020 ◽

Vol 24 (4) ◽

pp. 145-148

Author(s):

Haruki Masuda ◽

Tsunato Nakai ◽

Kota Yoshida ◽

Takaya Kubota ◽

Mitsuru Shiozaki ◽

...

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Black Box ◽

Neural Network Classifier ◽

Adversarial Attack

Download Full-text

Improving the accuracy and robustness of RRAM-based in-memory computing against RRAM hardware noise and adversarial attacks

Semiconductor Science and Technology ◽

10.1088/1361-6641/ac461f ◽

2021 ◽

Author(s):

Sai Kiran Cherupally ◽

Jian Meng ◽

Adnan Siraj Rakin ◽

Shihui Yin ◽

Injune Yeo ◽

...

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

State Of The Art ◽

Black Box ◽

Accuracy Improvement ◽

Training Scheme ◽

Injection Scheme ◽

Noise Injection ◽

Noise Data ◽

The Impact

Abstract We present a novel deep neural network (DNN) training scheme and RRAM in-memory computing (IMC) hardware evaluation towards achieving high robustness to the RRAM device/array variations and adversarial input attacks. We present improved IMC inference accuracy results evaluated on state-of-the-art DNNs including ResNet-18, AlexNet, and VGG with binary, 2-bit, and 4-bit activation/weight precision for the CIFAR-10 dataset. These DNNs are evaluated with measured noise data obtained from three different RRAM-based IMC prototype chips. Across these various DNNs and IMC chip measurements, we show that our proposed hardware noise-aware DNN training consistently improves DNN inference accuracy for actual IMC hardware, up to 8% accuracy improvement for the CIFAR-10 dataset. We also analyze the impact of our proposed noise injection scheme on the adversarial robustness of ResNet-18 DNNs with 1-bit, 2-bit, and 4-bit activation/weight precision. Our results show up to 6% improvement in the robustness to black-box adversarial input attacks.

Download Full-text

Adversarial attack and interpretability of the deep neural network from the geometric perspective

Scientia Sinica Informationis ◽

10.1360/ssi-2020-0169 ◽

2021 ◽

Vol 51 (9) ◽

pp. 1411

Author(s):

萌霏夏 ◽

子鹏叶 ◽

旺赵 ◽

冉易 ◽

永进刘

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Adversarial Attack

Download Full-text

RADNN: ROBUST TO IMPERCEPTIBLE ADVERSARIAL ATTACKS DEEP NEURAL NETWORK

10.36227/techrxiv.16709359.v1 ◽

2021 ◽

Author(s):

Eduardo Soares ◽

plamen angelov

Keyword(s):

Neural Network ◽

Real Time ◽

Deep Neural Network ◽

Data Density ◽

Adversarial Attack

This paper presents the RADNN algorithm. The RADNN is a robust to imperceptible adversarial attack algorithm that uses the concept of data density and similarities to detect attacks on real-time. Differently from traditional deep learnings that need be trained on the attacks to be able to detect, RADNN has a mechanism that detects data patterns changes. In order to evaluate the proposed method, we considered the PerC attacks and a 1000 images from the Imagenet dataset. The RADNN could correctly identify 97.2% of the attacks.

Download Full-text

Improving Deep Neural Network Robustness with Siamese Empowered Adversarial Training

Security, Privacy, and Anonymity in Computation, Communication, and Storage - Lecture Notes in Computer Science ◽

10.1007/978-3-030-68851-6_4 ◽

2021 ◽

pp. 62-75

Author(s):

Yu Zhu ◽

Zongfei Li ◽

Fengyuan Xu ◽

Sheng Zhong

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Network Robustness ◽

Adversarial Training

Download Full-text

RADNN: ROBUST TO IMPERCEPTIBLE ADVERSARIAL ATTACKS DEEP NEURAL NETWORK

10.36227/techrxiv.16709359 ◽

2021 ◽

Author(s):

Eduardo Soares ◽

plamen angelov

Keyword(s):

Neural Network ◽

Real Time ◽

Deep Neural Network ◽

Data Density ◽

Adversarial Attack

This paper presents the RADNN algorithm. The RADNN is a robust to imperceptible adversarial attack algorithm that uses the concept of data density and similarities to detect attacks on real-time. Differently from traditional deep learnings that need be trained on the attacks to be able to detect, RADNN has a mechanism that detects data patterns changes. In order to evaluate the proposed method, we considered the PerC attacks and a 1000 images from the Imagenet dataset. The RADNN could correctly identify 97.2% of the attacks.

Download Full-text

Playing Against Deep Neural Network-Based Object Detectors: A Novel Bidirectional Adversarial Attack Approach

IEEE Transactions on Artificial Intelligence ◽

10.1109/tai.2021.3107807 ◽

2021 ◽

pp. 1-1

Author(s):

Xiang Li ◽

Yuchen Jiang ◽

Chenglin Liu ◽

Shaochong Liu ◽

Hao Luo ◽

...

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Adversarial Attack

Download Full-text

Study on Human Detection System Using Deep Neural Network and Alternative Learning for Autonomous Flying Drones

IEEJ Transactions on Industry Applications ◽

10.1541/ieejias.139.149 ◽

2019 ◽

Vol 139 (2) ◽

pp. 149-157

Author(s):

Itaru Nagayama ◽

Wakaki Uehara ◽

Takaya Miyazato

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Detection System ◽

Human Detection ◽

Alternative Learning

Download Full-text

Estimating the Corneal Thickness for post-operative Laser Eye Surgery using Deep Neural Network

Polytechnic Journal ◽

10.25156/ptj.2018.8.2.128 ◽

2018 ◽

Vol 8 (2) ◽

pp. 80-91

Author(s):

Sumia Jaffer

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Corneal Thickness ◽

Eye Surgery

Download Full-text

Deep Neural Network Classification of I-123 Ioflupane SPECT

10.26226/morressier.5e8335ba7cb08a046ef7c709 ◽

2020 ◽

Author(s):

David T. Wang ◽

Brady Williamson ◽

Thomas Eluvathingal ◽

Bruce Mahoney ◽

Jennifer Scheler

Keyword(s):

Neural Network ◽

Deep Neural Network ◽

Neural Network Classification

Download Full-text