DDSA: A Defense Against Adversarial Attacks Using Deep Denoising Sparse Autoencoder

Given their outstanding performance, the Deep Neural Networks (DNNs) models have been deployed in many real-world applications. However, recent studies have demonstrated that they are vulnerable to small carefully crafted perturbations, i.e. , adversarial examples, which considerably decrease their...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:IEEE access Ročník 7; s. 160397 - 160407
Hlavní autoři: Bakhti, Yassine, Fezza, Sid Ahmed, Hamidouche, Wassim, Deforges, Olivier
Médium: Journal Article
Jazyk:angličtina
Vydáno: Piscataway IEEE 2019
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Témata:
adversarial attacks
Artificial neural networks
Classifiers
Computer Science
Cryptography and Security
Deep neural network
Defense
denoising
Face recognition
Neural and Evolutionary Computing
Neural networks
Noise reduction
Perturbation methods
Robustness
Safety critical
security
sparse autoencoder
Training
Training data
denoising
security
Deep neural network
adversarial attacks
defense
sparse autoencoder
ISSN:2169-3536, 2169-3536
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Given their outstanding performance, the Deep Neural Networks (DNNs) models have been deployed in many real-world applications. However, recent studies have demonstrated that they are vulnerable to small carefully crafted perturbations, i.e. , adversarial examples, which considerably decrease their performance and can lead to devastating consequences, especially for safety-critical applications, such as autonomous vehicles, healthcare and face recognition. Therefore, it is of paramount importance to offer defense solutions that increase the robustness of DNNs against adversarial attacks. In this paper, we propose a novel defense solution based on a Deep Denoising Sparse Autoencoder (DDSA). The proposed method is performed as a pre-processing step, where the adversarial noise of the input samples is removed before feeding the classifier. The pre-processing defense block can be associated with any classifier, without any change to their architecture or training procedure. In addition, the proposed method is a universal defense, since it does not require any knowledge about the attack, making it usable against any type of attack. The experimental results on MNIST and CIFAR-10 datasets have shown that the proposed DDSA defense provides a high robustness against a set of prominent attacks under white-, gray- and black-box settings, and outperforms state-of-the-art defense methods.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2019.2951526