SIT: Stochastic Input Transformation to Defend Against Adversarial Attacks on Deep Neural Networks
- Source :
- IEEE Design & Test, 2022, 39, pp. 63-72. ⟨10.1109/MDAT.2021.3077542⟩
- Publication Year :
- 2022
- Publisher :
- HAL CCSD, 2022.
Abstract
- International audience; Deep Neural Networks (DNNs) have been deployed in a wide range of applications, including safety-critical domains, owing to their proven efficiency in solving complex problems. However, these systems have been shown to be vulnerable to adversarial attacks: carefully crafted perturbations that threaten their integrity and trustworthiness. Several defenses have recently been proposed. However, most of these techniques are costly to deploy since they require retraining and specific fine-tuning procedures. While there are pre-processing defenses that do not require retraining, these were shown to be ineffective against adaptive white-box attacks. In this paper, we propose a model-agnostic defense against adversarial attacks using stochastic pre-processing. Based on a process of down-sampling/up-sampling, we transform the input into a new sample that is (i) close enough to the initial input to be classified correctly, and (ii) different enough to discard any potential adversarial noise within it. The proposed defense is generic, easy to deploy and does not require any specific training or fine-tuning. We tested our technique comparatively against state-of-the-art defenses under grey-box and strong white-box scenarios. Experimental results show that our defense achieves robustness of up to 94% and 93% against PGD and C&W attacks, respectively, under a strong white-box scenario.
- Subjects :
- Convolutional Neural Networks
- Convolution
- [INFO.INFO-AI]Computer Science [cs]/Artificial Intelligence [cs.AI]
- [SPI.TRON]Engineering Sciences [physics]/Electronics
- Machine Learning
- Kernel
- [SPI]Engineering Sciences [physics]
- [INFO.INFO-NI]Computer Science [cs]/Networking and Internet Architecture [cs.NI]
- Stochastic processes
- Hardware and Architecture
- Image reconstruction
- Security
- Feature extraction
- Training
- [INFO]Computer Science [cs]
- Electrical and Electronic Engineering
- Robustness
- [SPI.SIGNAL]Engineering Sciences [physics]/Signal and Image processing
- Software
- Adversarial Attacks
Details
- Language :
- English
- ISSN :
- 21682356
- Database :
- OpenAIRE
- Journal :
- IEEE Design & Test, 2022, 39, pp. 63-72. ⟨10.1109/MDAT.2021.3077542⟩
- Accession number :
- edsair.doi.dedup.....e9319c6b6b0be3c9ce7e834a33a6e12a