Misleading Image Classification with Multi-shearing and Random Padding
Pages 1312 - 1316
Abstract
Neural networks are vulnerable when input data is applied with human-imperceptible perturbations, which is called adversarial examples. When used in image classification models, adversarial examples mislead neural netwoks to classify images with wrong labels, posing great threat to network security. White-box attack has achieved considerable success rate, for the model structure is already known. But black-box attack remains to be improved, so as to the transferability. We refer to the model augmentation method in network training process, and apply to generating adversarial examples to reduce overfitting. Consulting fundamental methods in adversarial examples, we propose a multi-cropping transformation method to alleviate overfitting and enhance transferability. Firstly, referring to data augmentation, we multi-crop original images in every iteration with random possibilities in adversarial exaples generating process. Secondly, the gradient of model loss function is calculated, and the perturbations are added to original images. Finally, we generate adversarial examples with iterative perturbations. The validation of our method is verified on single models and ensemble models, and the transferability is improved, compared to other fundamental methods.
References
[1]
Krizhevsky, Alex, Ilya Sutskever, and Geoffrey E. Hinton. 2012. ImageNet classification with deep convolutional neural networks. In Proceedings of the 25th International Conference on Neural Information Processing Systems-Volume 1. 2012.
[2]
LeCun, Yann, 1989. Backpropagation applied to handwritten zip code recognition. Neural computation 1.4 (1989): 541-551.
[3]
Biggio, Battista, 2013. Evasion attacks against machine learning at test time. Joint European conference on machine learning and knowledge discovery in databases. Springer, Berlin, Heidelberg, 2013.
[4]
Szegedy, Christian, 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199 (2013).
[5]
Goodfellow, Ian J., Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).
[6]
Papernot, Nicolas, 2017 Practical black-box attacks against machine learning. In Proceedings of the 2017 ACM on Asia conference on computer and communications security. 2017.
[7]
Nielsen, Michael A. 2015. Neural networks and deep learning. Vol. 25. San Francisco, CA, USA: Determination press, 2015.
[8]
Xie, Cihang, 2019. Improving transferability of adversarial examples with input diversity. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2019.
[9]
Kurakin, Alexey, Ian J. Goodfellow, and Samy Bengio. 2018. Adversarial examples in the physical world. Artificial intelligence safety and security. Chapman and Hall/CRC, 2018. 99-112.
[10]
Yuan, Kan, 2019. Stealthy porn: Understanding real-world adversarial images for illicit online promotion. 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 2019.
[11]
Yang, Bo, 2022. Adversarial example generation with adabelief optimizer and crop invariance. Applied Intelligence (2022): 1-16.
[12]
Li, Zheming, 2021. Rotation Transformation: A Method to Improve the Transferability of Adversarial Examples. 2021 International Conference on Digital Society and Intelligent Systems (DSInS). IEEE, 2021.
[13]
Russakovsky, Olga, 2015. Imagenet large scale visual recognition challenge. International journal of computer vision 115.3 (2015): 211-252.
[14]
Szegedy, Christian, 2016. Rethinking the inception architecture for computer vision. In Proceedings of the IEEE conference on computer vision and pattern recognition. 2016.
[15]
Szegedy, Christian, 2017. Inception-v4, inception-resnet and the impact of residual connections on learning. Thirty-first AAAI conference on artificial intelligence. 2017.
[16]
He, Kaiming, 2016. Identity mappings in deep residual networks. European conference on computer vision. Springer, Cham, 2016.
[17]
Tramèr, Florian, 2017. Ensemble adversarial training: Attacks and defenses. arXiv preprint arXiv:1705.07204 (2017).
Index Terms
- Misleading Image Classification with Multi-shearing and Random Padding
Recommendations
Direction-aggregated Attack for Transferable Adversarial Examples
Deep neural networks are vulnerable to adversarial examples that are crafted by imposing imperceptible changes to the inputs. However, these adversarial examples are most successful in white-box settings where the model and its parameters are available. ...
Boosting cross‐task adversarial attack with random blur
AbstractDeep neural networks are highly vulnerable to adversarial examples, and these adversarial examples stay malicious when transferred to other neural networks. Many works exploit this transferability of adversarial examples to execute black‐box ...
DeT: Defending Against Adversarial Examples via Decreasing Transferability
Cyberspace Safety and SecurityAbstractDeep neural networks (DNNs) have made great progress in recent years. Unfortunately, DNNs are found to be vulnerable to adversarial examples that are injected with elaborately crafted perturbations. In this paper, we propose a defense method named ...
Comments
Information & Contributors
Information
Published In
October 2022
1999 pages
ISBN:9781450397148
DOI:10.1145/3573428
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 15 March 2023
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
EITCE 2022
EITCE 2022: 2022 6th International Conference on Electronic Information Technology and Computer Engineering
October 21 - 23, 2022
Xiamen, China
Acceptance Rates
Overall Acceptance Rate 508 of 972 submissions, 52%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 16Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 10 Nov 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format