GAN-based classifier protection against adversarial attacks

Shuqi Liu; Mingwen Shao; Xinping Liu

doi:10.3233/jifs-200280

GAN-based classifier protection against adversarial attacks

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-200280 ◽

2020 ◽

Vol 39 (5) ◽

pp. 7085-7095

Author(s):

Shuqi Liu ◽

Mingwen Shao ◽

Xinping Liu

Keyword(s):

Neural Network ◽

Deep Neural Networks ◽

Significant Progress ◽

Security Issue ◽

Generative Adversarial Network ◽

Adversarial Network ◽

The Neural Network ◽

Benchmark Datasets ◽

Adversarial Examples ◽

Adversarial Example

In recent years, deep neural networks have made significant progress in image classification, object detection and face recognition. However, they still have the problem of misclassification when facing adversarial examples. In order to address security issue and improve the robustness of the neural network, we propose a novel defense network based on generative adversarial network (GAN). The distribution of clean - and adversarial examples are matched to solve the mentioned problem. This guides the network to remove invisible noise accurately, and restore the adversarial example to a clean example to achieve the effect of defense. In addition, in order to maintain the classification accuracy of clean examples and improve the fidelity of neural network, we input clean examples into proposed network for denoising. Our method can effectively remove the noise of the adversarial examples, so that the denoised adversarial examples can be correctly classified. In this paper, extensive experiments are conducted on five benchmark datasets, namely MNIST, Fashion-MNIST, CIFAR10, CIFAR100 and ImageNet. Moreover, six mainstream attack methods are adopted to test the robustness of our defense method including FGSM, PGD, MIM, JSMA, CW and Deep-Fool. Results show that our method has strong defensive capabilities against the tested attack methods, which confirms the effectiveness of the proposed method.

Download Full-text

Transferable Adversarial Attacks for Image and Video Object Detection

Proceedings of the Twenty-Eighth International Joint Conference on Artificial Intelligence ◽

10.24963/ijcai.2019/134 ◽

2019 ◽

Cited By ~ 8

Author(s):

Xingxing Wei ◽

Siyuan Liang ◽

Ning Chen ◽

Xiaochun Cao

Keyword(s):

Object Detection ◽

Video Data ◽

Detection Methods ◽

Feature Maps ◽

Generative Adversarial Network ◽

Adversarial Network ◽

Adversarial Examples ◽

Adversarial Example ◽

High Level ◽

Image Object Detection

Identifying adversarial examples is beneficial for understanding deep networks and developing robust models. However, existing attacking methods for image object detection have two limitations: weak transferability---the generated adversarial examples often have a low success rate to attack other kinds of detection methods, and high computation cost---they need much time to deal with video data, where many frames need polluting. To address these issues, we present a generative method to obtain adversarial images and videos, thereby significantly reducing the processing time. To enhance transferability, we manipulate the feature maps extracted by a feature network, which usually constitutes the basis of object detectors. Our method is based on the Generative Adversarial Network (GAN) framework, where we combine a high-level class loss and a low-level feature loss to jointly train the adversarial example generator. Experimental results on PASCAL VOC and ImageNet VID datasets show that our method efficiently generates image and video adversarial examples, and more importantly, these adversarial examples have better transferability, therefore being able to simultaneously attack two kinds of representative object detection models: proposal based models like Faster-RCNN and regression based models like SSD.

Download Full-text

The Defense of Adversarial Example with Conditional Generative Adversarial Networks

Security and Communication Networks ◽

10.1155/2020/3932584 ◽

2020 ◽

Vol 2020 ◽

pp. 1-12

Author(s):

Fangchao Yu ◽

Li Wang ◽

Xianjin Fang ◽

Youwen Zhang

Keyword(s):

Defense Mechanism ◽

Network Models ◽

Generative Adversarial Networks ◽

Generative Adversarial Network ◽

Adversarial Network ◽

Adversarial Networks ◽

Learning Tasks ◽

Adversarial Examples ◽

Adversarial Example ◽

Network Approaches

Deep neural network approaches have made remarkable progress in many machine learning tasks. However, the latest research indicates that they are vulnerable to adversarial perturbations. An adversary can easily mislead the network models by adding well-designed perturbations to the input. The cause of the adversarial examples is unclear. Therefore, it is challenging to build a defense mechanism. In this paper, we propose an image-to-image translation model to defend against adversarial examples. The proposed model is based on a conditional generative adversarial network, which consists of a generator and a discriminator. The generator is used to eliminate adversarial perturbations in the input. The discriminator is used to distinguish generated data from original clean data to improve the training process. In other words, our approach can map the adversarial images to the clean images, which are then fed to the target deep learning model. The defense mechanism is independent of the target model, and the structure of the framework is universal. A series of experiments conducted on MNIST and CIFAR10 show that the proposed method can defend against multiple types of attacks while maintaining good performance.

Download Full-text

Network Attacks Detection Methods Based on Deep Learning Techniques: A Survey

Security and Communication Networks ◽

10.1155/2020/8872923 ◽

2020 ◽

Vol 2020 ◽

pp. 1-17

Author(s):

Yirui Wu ◽

Dabao Wei ◽

Jun Feng

Keyword(s):

Neural Network ◽

Deep Learning ◽

Attack Detection ◽

Detection Methods ◽

Generative Adversarial Network ◽

Network Attacks ◽

Adversarial Network ◽

Fifth Generation ◽

Learning Techniques ◽

Benchmark Datasets

With the development of the fifth-generation networks and artificial intelligence technologies, new threats and challenges have emerged to wireless communication system, especially in cybersecurity. In this paper, we offer a review on attack detection methods involving strength of deep learning techniques. Specifically, we firstly summarize fundamental problems of network security and attack detection and introduce several successful related applications using deep learning structure. On the basis of categorization on deep learning methods, we pay special attention to attack detection methods built on different kinds of architectures, such as autoencoders, generative adversarial network, recurrent neural network, and convolutional neural network. Afterwards, we present some benchmark datasets with descriptions and compare the performance of representing approaches to show the current working state of attack detection methods with deep learning structures. Finally, we summarize this paper and discuss some ways to improve the performance of attack detection under thoughts of utilizing deep learning structures.

Download Full-text

Simplicial-Map Neural Networks Robust to Adversarial Examples

Mathematics ◽

10.3390/math9020169 ◽

2021 ◽

Vol 9 (2) ◽

pp. 169

Author(s):

Eduardo Paluzo-Hidalgo ◽

Rocio Gonzalez-Diaz ◽

Miguel A. Gutiérrez-Naranjo ◽

Jónathan Heras

Keyword(s):

Neural Network ◽

Neural Networks ◽

Algebraic Topology ◽

Classification Problem ◽

Classification Model ◽

The Neural Network ◽

Input Dataset ◽

Adversarial Examples ◽

Simplicial Map ◽

Adversarial Example

Broadly speaking, an adversarial example against a classification model occurs when a small perturbation on an input data point produces a change on the output label assigned by the model. Such adversarial examples represent a weakness for the safety of neural network applications, and many different solutions have been proposed for minimizing their effects. In this paper, we propose a new approach by means of a family of neural networks called simplicial-map neural networks constructed from an Algebraic Topology perspective. Our proposal is based on three main ideas. Firstly, given a classification problem, both the input dataset and its set of one-hot labels will be endowed with simplicial complex structures, and a simplicial map between such complexes will be defined. Secondly, a neural network characterizing the classification problem will be built from such a simplicial map. Finally, by considering barycentric subdivisions of the simplicial complexes, a decision boundary will be computed to make the neural network robust to adversarial attacks of a given size.

Download Full-text

Spectra Recognition Model for O-type Stars Based on Data Augmentation

Frontiers in Astronomy and Space Sciences ◽

10.3389/fspas.2021.634328 ◽

2021 ◽

Vol 8 ◽

Author(s):

Wen-Yu Yang ◽

Ke-Fei Wu ◽

A-Li Luo ◽

Zhi-Qiang Zou

Keyword(s):

Neural Network ◽

Data Augmentation ◽

Network Models ◽

Neural Network Models ◽

Generative Adversarial Network ◽

Validation Data ◽

Data Set ◽

Recognition Model ◽

Adversarial Network ◽

The Neural Network

It is an ongoing issue in astronomy to recognize and classify O-type spectra comprehensively. The neural network is a popular recognition model based on data. The number of O-stars collected in LAMOST is <1% of AFGK stars, and there are only 127 O-type stars in the data release seven version. Therefore, there are not enough O-type samples available for recognition models. As a result, the existing neural network models are not effective in identifying such rare star spectra. This paper proposed a novel spectra recognition model (called LCGAN model) to solve this problem with data augmentation, which is based on Locally Connected Generative Adversarial Network (LCGAN). The LCGAN introduced the locally connected convolution and two timescale update rule to generate O-type stars' spectra. In addition, the LCGAN model adopted residual and attention mechanisms to recognize O-type spectra. To evaluate the performance of proposed models, we conducted a comparative experiment using a stellar spectral data set, which consists of more than 40,000 spectra, collected by the large sky area multi-object fiber spectroscopic telescope (LAMOST). The experimental results showed that the LCGAN model could generate meaningful O-type spectra. In our validation data set, the recognition accuracy of the data enhanced recognition model can reach 93.67%, 8.66% higher than that of the non-data enhanced identification model, which lays a good foundation for further analysis of astronomical spectra.

Download Full-text

Understanding the role of individual units in a deep neural network

Proceedings of the National Academy of Sciences ◽

10.1073/pnas.1907375117 ◽

2020 ◽

Vol 117 (48) ◽

pp. 30071-30078 ◽

Cited By ~ 1

Author(s):

David Bau ◽

Jun-Yan Zhu ◽

Hendrik Strobelt ◽

Agata Lapedriza ◽

Bolei Zhou ◽

...

Keyword(s):

Neural Network ◽

Deep Neural Networks ◽

Image Editing ◽

Image Generation ◽

Scene Classification ◽

Analytic Framework ◽

Generative Adversarial Network ◽

Adversarial Network ◽

Hierarchical Representations

Deep neural networks excel at finding hierarchical representations that solve complex tasks over large datasets. How can we humans understand these learned representations? In this work, we present network dissection, an analytic framework to systematically identify the semantics of individual hidden units within image classification and image generation networks. First, we analyze a convolutional neural network (CNN) trained on scene classification and discover units that match a diverse set of object concepts. We find evidence that the network has learned many object classes that play crucial roles in classifying scene classes. Second, we use a similar analytic method to analyze a generative adversarial network (GAN) model trained to generate scenes. By analyzing changes made when small sets of units are activated or deactivated, we find that objects can be added and removed from the output scenes while adapting to the context. Finally, we apply our analytic framework to understanding adversarial attacks and to semantic image editing.

Download Full-text

Hardening Deep Neural Networks in Condition Monitoring Systems against Adversarial Example Attacks

Machine Learning for Cyber Physical Systems - Technologien für die intelligente Automation ◽

10.1007/978-3-662-62746-4_11 ◽

2020 ◽

pp. 103-111

Author(s):

Felix Specht ◽

Jens Otto

Keyword(s):

Neural Network ◽

Neural Networks ◽

Condition Monitoring ◽

Deep Neural Network ◽

Deep Neural Networks ◽

Production Systems ◽

Monitoring Systems ◽

Condition Monitoring Systems ◽

Adversarial Examples ◽

Adversarial Example

AbstractCondition monitoring systems based on deep neural networks are used for system failure detection in cyber-physical production systems. However, deep neural networks are vulnerable to attacks with adversarial examples. Adversarial examples are manipulated inputs, e.g. sensor signals, are able to mislead a deep neural network into misclassification. A consequence of such an attack may be the manipulation of the physical production process of a cyber-physical production system without being recognized by the condition monitoring system. This can result in a serious threat for production systems and employees. This work introduces an approach named CyberProtect to prevent misclassification caused by adversarial example attacks. The approach generates adversarial examples for retraining a deep neural network which results in a hardened variant of the deep neural network. The hardened deep neural network sustains a significant better classification rate (82% compared to 20%) while under attack with adversarial examples, as shown by empirical results.

Download Full-text

Perceptual-Sensitive GAN for Generating Adversarial Patches

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v33i01.33011028 ◽

2019 ◽

Vol 33 ◽

pp. 1028-1035 ◽

Cited By ~ 15

Author(s):

Aishan Liu ◽

Xianglong Liu ◽

Jiaxin Fan ◽

Yuqing Ma ◽

Anlan Zhang ◽

...

Keyword(s):

Large Scale ◽

Deep Neural Networks ◽

State Of The Art ◽

Black Box ◽

Perceptual Sensitivity ◽

Generative Adversarial Network ◽

Adversarial Network ◽

Adversarial Examples ◽

Image Context ◽

Visual Fidelity

Deep neural networks (DNNs) are vulnerable to adversarial examples where inputs with imperceptible perturbations mislead DNNs to incorrect results. Recently, adversarial patch, with noise confined to a small and localized patch, emerged for its easy accessibility in real-world. However, existing attack strategies are still far from generating visually natural patches with strong attacking ability, since they often ignore the perceptual sensitivity of the attacked network to the adversarial patch, including both the correlations with the image context and the visual attention. To address this problem, this paper proposes a perceptual-sensitive generative adversarial network (PS-GAN) that can simultaneously enhance the visual fidelity and the attacking ability for the adversarial patch. To improve the visual fidelity, we treat the patch generation as a patch-to-patch translation via an adversarial process, feeding any types of seed patch and outputting the similar adversarial patch with high perceptual correlation with the attacked image. To further enhance the attacking ability, an attention mechanism coupled with adversarial generation is introduced to predict the critical attacking areas for placing the patches, which can help producing more realistic and aggressive patches. Extensive experiments under semi-whitebox and black-box settings on two large-scale datasets GTSRB and ImageNet demonstrate that the proposed PS-GAN outperforms state-of-the-art adversarial patch attack methods.

Download Full-text

Role of General Adversarial Networks in Mammogram Analysis: A Review

Current Medical Imaging Formerly Current Medical Imaging Reviews ◽

10.2174/1573405614666191115102318 ◽

2020 ◽

Vol 16 (7) ◽

pp. 863-877

Author(s):

Annapoorani Gopal ◽

Lathaselvi Gandhimaruthian ◽

Javid Ali

Keyword(s):

Breast Tumor ◽

Deep Neural Networks ◽

Training Data ◽

Learning Technology ◽

Breast Cancers ◽

Generative Adversarial Network ◽

Adversarial Network ◽

Adversarial Networks ◽

Tumor Extraction

The Deep Neural Networks have gained prominence in the biomedical domain, becoming the most commonly used networks after machine learning technology. Mammograms can be used to detect breast cancers with high precision with the help of Convolutional Neural Network (CNN) which is deep learning technology. An exhaustive labeled data is required to train the CNN from scratch. This can be overcome by deploying Generative Adversarial Network (GAN) which comparatively needs lesser training data during a mammogram screening. In the proposed study, the application of GANs in estimating breast density, high-resolution mammogram synthesis for clustered microcalcification analysis, effective segmentation of breast tumor, analysis of the shape of breast tumor, extraction of features and augmentation of the image during mammogram classification have been extensively reviewed.

Download Full-text

An efficient pruning scheme of deep neural networks for Internet of Things applications

EURASIP Journal on Advances in Signal Processing ◽

10.1186/s13634-021-00744-4 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Chen Qi ◽

Shibo Shen ◽

Rongpeng Li ◽

Zhifeng Zhao ◽

Qing Liu ◽

...

Keyword(s):

Neural Network ◽

Neural Networks ◽

Internet Of Things ◽

Deep Neural Networks ◽

Computational Cost ◽

Superior Performance ◽

Compact Structure ◽

Resource Limited ◽

Benchmark Datasets ◽

Iot Devices

AbstractNowadays, deep neural networks (DNNs) have been rapidly deployed to realize a number of functionalities like sensing, imaging, classification, recognition, etc. However, the computational-intensive requirement of DNNs makes it difficult to be applicable for resource-limited Internet of Things (IoT) devices. In this paper, we propose a novel pruning-based paradigm that aims to reduce the computational cost of DNNs, by uncovering a more compact structure and learning the effective weights therein, on the basis of not compromising the expressive capability of DNNs. In particular, our algorithm can achieve efficient end-to-end training that transfers a redundant neural network to a compact one with a specifically targeted compression rate directly. We comprehensively evaluate our approach on various representative benchmark datasets and compared with typical advanced convolutional neural network (CNN) architectures. The experimental results verify the superior performance and robust effectiveness of our scheme. For example, when pruning VGG on CIFAR-10, our proposed scheme is able to significantly reduce its FLOPs (floating-point operations) and number of parameters with a proportion of 76.2% and 94.1%, respectively, while still maintaining a satisfactory accuracy. To sum up, our scheme could facilitate the integration of DNNs into the common machine-learning-based IoT framework and establish distributed training of neural networks in both cloud and edge.

Download Full-text