
Denoising Autoencoder-Based Defensive Distillation as an Adversarial Robustness Algorithm Against Data Poisoning Attacks

Published: 07 June 2024

Abstract

Deep neural networks (DNNs) have demonstrated promising performance in handling complex real-world scenarios, at times surpassing human performance. Despite these results, DNNs are not robust against adversarial attacks. They are particularly vulnerable to data poisoning attacks, in which attackers tamper with the initial training data. Defensive distillation has shown promising results in robustifying image classification deep learning (DL) models against adversarial attacks at the inference level, but it remains vulnerable to data poisoning attacks. This work incorporates a data denoising and reconstruction framework into a defensive distillation methodology to defend against such attacks. We leverage a denoising autoencoder (DAE) to build a data reconstruction and filtering pipeline with a well-designed reconstruction threshold. To assess the proposed method's performance, we added carefully crafted adversarial examples to the initial training data. Our experimental findings demonstrate that the proposed methodology significantly reduces the vulnerability of the defensive distillation framework to data poisoning attacks.
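
The DAE-based filtering stage described in the abstract can be sketched in a few lines of code. The snippet below is a minimal, hypothetical illustration in Python/Keras: the network architecture, the Gaussian noise level, and the percentile rule for choosing the reconstruction threshold are assumptions made for this sketch, not the paper's reported configuration.

```python
# Minimal sketch of a DAE-based reconstruction-and-filtering pipeline.
# Layer sizes, noise level, and the percentile-based threshold rule are
# illustrative assumptions, not the authors' exact setup.
import numpy as np
from tensorflow.keras import layers, models


def build_dae(input_dim: int = 784, latent_dim: int = 64) -> models.Model:
    """Fully connected denoising autoencoder for flattened images in [0, 1]."""
    inp = layers.Input(shape=(input_dim,))
    h = layers.Dense(256, activation="relu")(inp)
    z = layers.Dense(latent_dim, activation="relu")(h)
    h = layers.Dense(256, activation="relu")(z)
    out = layers.Dense(input_dim, activation="sigmoid")(h)
    dae = models.Model(inp, out)
    dae.compile(optimizer="adam", loss="mse")
    return dae


def filter_poisoned(dae: models.Model, x: np.ndarray, threshold: float):
    """Keep only samples whose per-sample reconstruction MSE is below threshold."""
    recon = dae.predict(x, verbose=0)
    errors = np.mean((x - recon) ** 2, axis=1)
    mask = errors <= threshold
    return x[mask], mask


# Usage sketch:
# 1) train the DAE on (noise-corrupted copy -> clean sample) pairs of trusted data,
# 2) set the threshold from the error distribution on that clean data,
# 3) filter the (possibly poisoned) training set before distillation.
#
# noisy = np.clip(x_clean + 0.1 * np.random.randn(*x_clean.shape), 0.0, 1.0)
# dae = build_dae()
# dae.fit(noisy, x_clean, epochs=20, batch_size=128)
# clean_err = np.mean((x_clean - dae.predict(x_clean, verbose=0)) ** 2, axis=1)
# threshold = np.percentile(clean_err, 95)  # assumed rule of thumb
# x_filtered, kept = filter_poisoned(dae, x_train_possibly_poisoned, threshold)
```

Samples the DAE cannot reconstruct well are treated as likely poisoned and dropped before the distillation step; the threshold trades false rejections of clean data against missed poisons.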


Cited By

  • (2024) A Comprehensive Review of Deep Learning: Architectures, Recent Advances, and Applications. Information, 15(12), 755. DOI: 10.3390/info15120755. Online publication date: 27-Nov-2024.
  • (2024) Adversarial Attacks and Countermeasures on Image Classification-based Deep Learning Models in Autonomous Driving Systems: A Systematic Review. ACM Computing Surveys, 57(1), 1-52. DOI: 10.1145/3691625. Online publication date: 7-Oct-2024.
  • (2024) Speed-Aware Audio-Driven Speech Animation using Adaptive Windows. ACM Transactions on Graphics, 44(1), 1-14. DOI: 10.1145/3691341. Online publication date: 1-Oct-2024.


Published In

ACM SIGAda Ada Letters, Volume 43, Issue 2
December 2023
80 pages
ISSN:1094-3641
DOI:10.1145/3672359
Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 June 2024
Published in SIGADA Volume 43, Issue 2


Author Tags

  1. adversarial attacks and robustness
  2. data poisoning
  3. deep neural network
  4. defensive distillation
  5. denoising autoencoder

Qualifiers

  • Article


Article Metrics

  • Downloads (last 12 months): 52
  • Downloads (last 6 weeks): 6
Reflects downloads up to 08 Feb 2025

