Ally patches for spoliation of adversarial patches

Adversarial attacks represent a serious evolving threat to the operation of deep neural networks. Recently, adversarial algorithms were developed to facilitate hallucination of deep neural networks for ordinary attackers. State-of-the-arts algorithms could generate offline printable adversarial patc...

Full description

Saved in:
Bibliographic Details
Published in:Journal of big data Vol. 6; no. 1; pp. 1 - 14
Main Author: Abdel-Hakim, Alaa E.
Format: Journal Article
Language:English
Published: Cham Springer International Publishing 07.06.2019
Springer Nature B.V
SpringerOpen
Subjects:
Advanced Soft Computing Methodologies and Applications in Social Media Big Data Analytics
Adversarial patches
Algorithms
Ally patches
Artificial neural networks
Big Data
Cameras
Classification
CNN
Communications Engineering
Computational Science and Engineering
Computer Science
Data Mining and Knowledge Discovery
Database Management
Deep neural networks
Experimentation
Experiments
Information Storage and Retrieval
Knowledge management
Mathematical Applications in Computer Science
Networks
Neural networks
Patches (structures)
Salience
Adversarial patches
CNN
Deep neural networks
Ally patches
ISSN:2196-1115, 2196-1115
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Adversarial attacks represent a serious evolving threat to the operation of deep neural networks. Recently, adversarial algorithms were developed to facilitate hallucination of deep neural networks for ordinary attackers. State-of-the-arts algorithms could generate offline printable adversarial patches that can be interspersed within fields of view of the capturing cameras in an innocently unnoticeable action. In this paper, we propose an algorithm to ravage the operation of these adversarial patches. The proposed algorithm uses intrinsic information contents of the input image to extract a set of ally patches. The extracted patches break the salience of the attacking adversarial patch to the network. To our knowledge, this is the first time to address the defense problem against such kinds of adversarial attacks by counter-processing the input image in order to ravage the effect of any possible adversarial patches. The classification decision is taken according to a late-fusion strategy applied to the independent classifications generated by the extracted patch alliance. Evaluation experiments were conducted on the 1000 classes of the ILSVRC benchmark. Different convolutional neural network models and varying-scale adversarial patches were used in the experimentation. Evaluation results showed the effectiveness of the proposed ally patches in reducing the success rates of adversarial patches.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2196-1115
2196-1115
DOI:10.1186/s40537-019-0213-4