
DCAL: A New Method for Defending Against Adversarial Examples

  • Conference paper
Artificial Intelligence and Security (ICAIS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13339))


Abstract

In recent years, deep learning has shown excellent performance in the field of computer vision. Nevertheless, researchers have found that deep learning systems lack robustness: adding an insignificant, undetectable amount of perturbation to the input of a deep learning system can cause the model to fail, and the inputs that make the model fail are called adversarial examples. The existence of adversarial examples hinders the application and popularization of deep learning systems based on artificial intelligence. Therefore, we propose a denoising convolutional autoencoder incorporated with label knowledge (DCAL), a new method for defending against adversarial examples. Its principle is to place DCAL as a pre-processing module before image classification: the image to be classified is denoised and reconstructed to obtain a new image, which is then sent to the classifier for classification. If the image reconstructed by DCAL from an adversarial example is classified correctly by the classifier, the defense against that adversarial example has succeeded. Experiments were conducted on two benchmark datasets, MNIST and CIFAR-10, and principally address white-box attacks. The experimental results show that the proposed DCAL is superior to state-of-the-art defense methods in a white-box setting.



Acknowledgements

This work was supported in part by the National Natural Science Foundation of China Enterprise Innovation and Development Joint Fund under Grant No. U19B2044, and in part by the Key Research and Development Project of Hainan Province under Grant No. ZDYF2020012.


Corresponding author

Correspondence to Longjuan Wang.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Lin, X., Cao, C., Wang, L., Liu, Z., Li, M., Ma, H. (2022). DCAL: A New Method for Defending Against Adversarial Examples. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2022. Lecture Notes in Computer Science, vol 13339. Springer, Cham. https://doi.org/10.1007/978-3-031-06788-4_4


  • DOI: https://doi.org/10.1007/978-3-031-06788-4_4


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06787-7

  • Online ISBN: 978-3-031-06788-4

  • eBook Packages: Computer Science (R0)
