research-article

Defense against N-pixel Attacks based on Image Reconstruction

Authors:

Zi-Yuan Liu,

Peter Shaojui Wang,

Shou-Ching Hsiao,

Raylin TsoAuthors Info & Claims

SBC '20: Proceedings of the 8th International Workshop on Security in Blockchain and Cloud Computing

Pages 3 - 7

https://doi.org/10.1145/3384942.3406867

Published: 07 October 2020 Publication History

Get Access

Abstract

Since machine learning and deep learning are largely used for image recognition in real-world applications, how to avoid adversarial attacks become an important issue. It is common that attackers add adversarial perturbation to a normal image in order to fool the models. The N-pixel attack is one of the recently popular adversarial methods by simply changing a few pixels in the image. We observe that changing the few pixels leads to an obvious difference with its neighboring pixels. Therefore, this research aims to defend the N-pixel attacks based on image reconstruction. We develop a three-staged reconstructing algorithm to recover the fooling images. Experimental results show that the accuracy of CIFAR-10 test dataset can reach 92% after applying our proposed algorithm, indicating that the algorithm can maintain the original inference accuracy on normal dataset. Besides, the effectiveness of defending N-pixel attacks is also validated by reconstructing 500 attacked images using the proposed algorithm. The results show that we have a 90% to 92% chance of successful defense, where N=1,3,5,10,and 15.

References

[1]

Nicholas Carlini and David Wagner. 2017. Towards Evaluating the Robustness of Neural Networks. In 2017 IEEE Symposium on Security and Privacy (S&P). IEEE, San Jose, CA, 39--57. https://doi.org/10.1109/SP.2017.49

Crossref

Google Scholar

[2]

Dong Chen, Ruqiao Xu, and Bo Han. 2019. Patch Selection Denoiser: An Effective Approach Defending Against One-pixel Attacks. In International Conference on Neural Information Processing, T. Gedeon, K. Wong, and M. Lee (Eds.). Springer, Cham, 286--296. https://doi.org/10.1007/978--3-030--36802--9_31

Crossref

Google Scholar

[3]

Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative Adversarial Nets. In Proceedings of the 27th International Conference on Neural Information Processing Systems. MIT Press, Cambridge, MA, USA, 2672--2680.

Google Scholar

[4]

Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples . In International Conference on Learning Representations . http://arxiv.org/abs/1412.6572

Google Scholar

[5]

Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep Residual Learning for Image Recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, Las Vegas, NV, 770--778. https://doi.org/10.1109/CVPR.2016.90

Crossref

Google Scholar

[6]

Alex Krizhevsky, Geoffrey Hinton, et almbox. 2009. Learning Multiple Layers of Features from Tiny Images . (2009).

Google Scholar

[7]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, Omar Fawzi, and Pascal Frossard. 2017. Universal Adversarial Perturbations. In 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, Las Vegas, NV, 1765--1773. https://doi.org/10.1109/CVPR.2017.17

Crossref

Google Scholar

[8]

Seyed-Mohsen Moosavi-Dezfooli, Alhussein Fawzi, and Pascal Frossard. 2016. Deepfool: A Simple and Accurate Method to Fool Deep Neural Networks. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, Las Vegas, NV, 2574--2582. https://doi.org/10.1109/CVPR.2016.282

Crossref

Google Scholar

[9]

Nicolas Papernot, Patrick McDaniel, Xi Wu, Somesh Jha, and Ananthram Swami. 2016. Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks. In 2016 IEEE Symposium on Security and Privacy (S&P). IEEE, San Jose, CA, 582--597. https://doi.org/10.1109/SP.2016.41

Crossref

Google Scholar

[10]

Andras Rozsa, Ethan M Rudd, and Terrance E Boult. 2016. Adversarial Diversity and Hard Positive Generation. In 2016 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW) . IEEE, Las Vegas, NV, 25--32. https://doi.org/10.1109/CVPRW.2016.58

Crossref

Google Scholar

[11]

Jiawei Su, Danilo Vasconcellos Vargas, and Kouichi Sakurai. 2019. One Pixel Attack for Fooling Deep Neural Networks . IEEE Transactions on Evolutionary Computation, Vol. 23, 5 (2019). https://doi.org/10.1109/TEVC.2019.2890858

Crossref

Google Scholar

[12]

Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2013. Intriguing Properties of Neural Networks. In International Conference on Learning Representations . https://arxiv.org/abs/1312.6199

Google Scholar

[13]

Florian Tramèr, Alexey Kurakin, Nicolas Papernot, Ian Goodfellow, Dan Boneh, and Patrick McDaniel. 2018. Ensemble Adversarial Training: Attacks and Defenses. In International Conference on Learning Representations . https://arxiv.org/abs/1705.07204

Google Scholar

[14]

Danilo Vasconcellos Vargas and Jiawei Su. 2019. Understanding the One-pixel Attack: Propagation Maps and Locality Analysis . arXiv preprint arXiv:1902.02947 (2019).

Google Scholar

Cited By

View all

Khowaja SLee IDev KJarwar MQureshi N(2023)Get Your Foes Fooled: Proximal Gradient Split Learning for Defense Against Model Inversion Attacks on IoMT DataIEEE Transactions on Network Science and Engineering10.1109/TNSE.2022.318857510:5(2607-2616)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TNSE.2022.3188575
Chen JCao JLiang ZCui XYu LLi W(2021) STPD: Defending against -norm attacks with space transformation Future Generation Computer Systems10.1016/j.future.2021.08.009Online publication date: Aug-2021
https://doi.org/10.1016/j.future.2021.08.009

Index Terms

Defense against N-pixel Attacks based on Image Reconstruction
1. Computing methodologies
  1. Artificial intelligence
2. Security and privacy
  1. Security services
  2. Systems security

Recommendations

AdvRefactor: A Resampling-Based Defense Against Adversarial Attacks
Advances in Multimedia Information Processing – PCM 2018
Abstract
Deep neural networks have achieved great success in many domains. However, they are vulnerable to adversarial attacks, which generate adversarial examples by adding tiny perturbations to legitimate images. Previous studies providing defense mostly ...
Efficient Defense Against Adversarial Attacks and Security Evaluation of Deep Learning System
Machine Learning for Cyber Security
Abstract
Deep neural networks (DNNs) have achieved performance on classical artificial intelligence problems including visual recognition, natural language processing. Unfortunately, recent studies show that machine learning models are suffering from ...
A Selective Defense for Application Layer DDoS Attacks
JISIC '14: Proceedings of the 2014 IEEE Joint Intelligence and Security Informatics Conference

Distributed Denial of Service (DDoS) attacks remain among the most dangerous and noticeable attacks on the Internet. Differently from previous attacks, many recent DDoS attacks have not been carried out over the network layer, but over the application ...

Comments

Information & Contributors

Information

Published In

SBC '20: Proceedings of the 8th International Workshop on Security in Blockchain and Cloud Computing

October 2020

34 pages

ISBN:9781450376099

DOI:10.1145/3384942

Program Chairs:
Hsu-Chun Hsiao
National Taiwan University (Taiwan)
,
Qiang Tang
New Jersey Institute of Technology (USA)

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Ministry of Science and Technology, Taiwan (ROC)
Taiwan Information Security Center at National Sun Yat-sen University (TWISC@NSYSU)
Telecommunication Laboratories at Chunghwa Telecom Co. Ltd. (CHTTL)

Conference

ASIA CCS '20

Sponsor:

SIGSAC

ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security

October 6, 2020

Taipei, Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
187
Total Downloads

Downloads (Last 12 months)28
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Khowaja SLee IDev KJarwar MQureshi N(2023)Get Your Foes Fooled: Proximal Gradient Split Learning for Defense Against Model Inversion Attacks on IoMT DataIEEE Transactions on Network Science and Engineering10.1109/TNSE.2022.318857510:5(2607-2616)Online publication date: 1-Sep-2023
https://doi.org/10.1109/TNSE.2022.3188575
Chen JCao JLiang ZCui XYu LLi W(2021) STPD: Defending against -norm attacks with space transformation Future Generation Computer Systems10.1016/j.future.2021.08.009Online publication date: Aug-2021
https://doi.org/10.1016/j.future.2021.08.009

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

AdvRefactor: A Resampling-Based Defense Against Adversarial Attacks

Efficient Defense Against Adversarial Attacks and Security Evaluation of Deep Learning System

A Selective Defense for Application Layer DDoS Attacks

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

AdvRefactor: A Resampling-Based Defense Against Adversarial Attacks

Efficient Defense Against Adversarial Attacks and Security Evaluation of Deep Learning System

A Selective Defense for Application Layer DDoS Attacks

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations