Deep Learning Based Adversarial Images Detection
Abstract
The threat of attacks against deep learning based networks in computer vision is growing. Adversarial examples, or adversarial images, are produced by intentionally applying a slight perturbation that a human does not notice but that confuses a deep learning based classifier. To enhance the robustness of image classifiers, we propose several deep learning based detection algorithms (CNN-SVM, CNN-KNN and CNN-RF) for adversarial images. To make better use of multi-layer features, an ensemble model built on features from two CNN layers is applied to detect adversarial examples. Accuracy, detection probability, false alarm probability and miss probability are used to evaluate the proposed algorithms. On a remote sensing image test dataset, the ensemble model based on SVM achieves the best performance (94.5%) of the compared methods.
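The following is an added illustrative example, not code from the paper summarised above. It sketches the two-layer feature ensemble and the four evaluation measures named in the abstract in pure Python. Everything beyond the abstract is an assumption: the CNN is assumed to have been run already, so each image is a constructed 2-D point per layer standing in for real layer activations; the per-layer detector is k-nearest neighbours (the CNN-KNN variant); the two layers are fused by averaging their kNN scores with a 0.5 threshold; detection probability, false alarm probability and miss probability are taken in their standard confusion-matrix sense (TP/(TP+FN), FP/(FP+TN), FN/(TP+FN)). The training and test features are constructed, not measured.

```python
"""Two-layer feature ensemble for adversarial-image detection: an added,
illustrative example, not the code of the paper summarised above.

Assumptions (mine, not the abstract's):
  * the CNN has already been run and each image is represented by one
    feature vector per layer; here these are constructed 2-D points that
    stand in for real layer activations;
  * the per-layer detector is k-nearest neighbours (the CNN-KNN variant);
  * the two layers are fused by averaging their kNN scores and flagging the
    image as adversarial when the fused score is >= 0.5;
  * label 1 = adversarial, label 0 = clean.
"""
import math

# Constructed training features: three clean and three adversarial images,
# described by one point per CNN layer (layer A and layer B).
TRAIN_LAYER_A = [(0.0, 0.0), (0.0, 1.0), (1.0, 0.0), (9.0, 9.0), (9.0, 10.0), (10.0, 9.0)]
TRAIN_LAYER_B = [(0.0, 0.0), (0.0, 1.0), (1.0, 0.0), (9.0, 9.0), (9.0, 10.0), (10.0, 9.0)]
TRAIN_LABELS = [0, 0, 0, 1, 1, 1]

# Constructed test set: (layer A feature, layer B feature, true label).
# Cases 3 and 4 are images whose perturbation shows up in only one layer.
TEST_SET = [
    ((0.5, 0.5), (0.5, 0.5), 0),   # clean in both layers
    ((9.5, 9.5), (9.5, 9.5), 1),   # adversarial in both layers
    ((0.5, 0.5), (9.5, 9.5), 1),   # adversarial, visible only in layer B
    ((9.5, 9.5), (0.5, 0.5), 0),   # clean, but layer A resembles the adversarial cluster
    ((0.5, 0.5), (0.5, 0.5), 1),   # adversarial that fools both layers
]


def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def knn_score(train_feats, train_labels, query, k=3):
    """Fraction of the k nearest training images that are adversarial (0..1)."""
    order = sorted(range(len(train_feats)), key=lambda i: euclid(train_feats[i], query))
    return sum(train_labels[i] for i in order[:k]) / k


def single_layer_score(feat_a, feat_b):
    """Baseline detector: kNN on layer A features only (layer B ignored)."""
    return knn_score(TRAIN_LAYER_A, TRAIN_LABELS, feat_a)


def ensemble_score(feat_a, feat_b):
    """Two-layer ensemble: average of the per-layer kNN scores (assumed fusion rule)."""
    return 0.5 * (knn_score(TRAIN_LAYER_A, TRAIN_LABELS, feat_a)
                  + knn_score(TRAIN_LAYER_B, TRAIN_LABELS, feat_b))


def _ratio(num, den):
    # Avoid a ZeroDivisionError when one class is absent from the evaluation set.
    return num / den if den else float("nan")


def metrics(preds, labels):
    """Accuracy, detection probability, false alarm probability, miss probability.

    Standard definitions: detection = TP/(TP+FN), false alarm = FP/(FP+TN),
    miss = FN/(TP+FN); assumed to be the measures the abstract refers to.
    """
    tp = sum(1 for p, y in zip(preds, labels) if p == 1 and y == 1)
    tn = sum(1 for p, y in zip(preds, labels) if p == 0 and y == 0)
    fp = sum(1 for p, y in zip(preds, labels) if p == 1 and y == 0)
    fn = sum(1 for p, y in zip(preds, labels) if p == 0 and y == 1)
    return {
        "accuracy": _ratio(tp + tn, len(labels)),
        "detection_probability": _ratio(tp, tp + fn),
        "false_alarm_probability": _ratio(fp, fp + tn),
        "miss_probability": _ratio(fn, tp + fn),
    }


def evaluate(score_fn, threshold=0.5):
    """Run a scoring function over TEST_SET and return its metrics."""
    preds = [1 if score_fn(fa, fb) >= threshold else 0 for fa, fb, _ in TEST_SET]
    labels = [y for _, _, y in TEST_SET]
    return metrics(preds, labels)


if __name__ == "__main__":
    for name, fn in (("layer A only", single_layer_score),
                     ("two-layer ensemble", ensemble_score)):
        print(name, evaluate(fn))
```

The constructed test set deliberately contains one image per situation (clean or adversarial in both layers, perturbation visible in only one layer) so that the metrics move when the second layer is fused: the single-layer baseline misses the case that is only visible in layer B, while the ensemble catches it. The case that fools both layers is missed by both detectors, which is the limit of any feature-space detector against an attacker who targets the detector's own layers. The 94.5% figure in the abstract comes from the paper's remote sensing dataset, not from this toy data.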
Keywords
Adversarial detection; Deep learning; Ensemble model; Support vector machine (SVM); K-nearest neighbors (KNN); Random forest (RF)