Abstract
Deep neural networks have achieved high performance in a variety of image recognition tasks. However, the image recognition performance of these networks is reported to be unstable under slight perturbations of the input images. To verify this weakness, in this paper we propose DeceiveDeep, a gradient-based algorithm for deceiving deep neural networks. Many gradient-based attack methods already exist, such as L-BFGS, FGSM, and Deepfool. Specifically, building on an original method, L-BFGS, we exploit the Euclidean norm of the gradient to update the space vector in an image and thereby generate a deceptive image for fooling deep neural networks. We construct three types of deep neural network models and one convolutional neural network for testing the proposed algorithm. Using the MNIST dataset and the Fashion-MNIST dataset, we evaluate the effectiveness of DeceiveDeep in terms of accuracy on training and testing data, and on the CNN model, respectively. The experimental results show that, compared with L-BFGS, DeceiveDeep dramatically decreases the accuracy of the deep models on image recognition.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Xie, T., Li, Y. (2019). A Gradient-Based Algorithm to Deceive Deep Neural Networks. In: Gedeon, T., Wong, K., Lee, M. (eds) Neural Information Processing. ICONIP 2019. Communications in Computer and Information Science, vol 1142. Springer, Cham. https://doi.org/10.1007/978-3-030-36808-1_7
DOI: https://doi.org/10.1007/978-3-030-36808-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-36807-4
Online ISBN: 978-3-030-36808-1
eBook Packages: Computer Science (R0)