On the detection of adversarial attacks against deep neural networks

Weiyu Wang, Quanyan Zhu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep learning models have been widely studied and proven to achieve high accuracy in various pattern recognition tasks, especially in image recognition. However, due to their non-linear architecture and high-dimensional inputs, their ill-posedness [1] towards adversarial perturbations (small, deliberately crafted perturbations of the input that lead to completely different outputs) has also attracted researchers' attention. This work takes the traffic sign recognition system on a self-driving car as an example, and aims at designing an additional mechanism to improve the robustness of the recognition system. It uses a machine learning model which learns the results of the deep learning model's predictions, with human feedback as labels, and provides the credibility of the current prediction. The mechanism uses both the input image and the recognition result as the sample space, queries a human user for the True/False of the current classification result the least number of times, and thereby completes the task of detecting adversarial attacks.

Original language: English (US)
Title of host publication: SafeConfig 2017 - Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense, co-located with CCS 2017
Publisher: Association for Computing Machinery, Inc
Pages: 27-30
Number of pages: 4
ISBN (Electronic): 9781450352031
DOIs
State: Published - Nov 3 2017
Event: 10th Workshop on Automated Decision Making for Active Cyber Defense, SafeConfig 2017 - Dallas, United States
Duration: Nov 3 2017 → …

Publication series

Name: SafeConfig 2017 - Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defense, co-located with CCS 2017

Other

Other: 10th Workshop on Automated Decision Making for Active Cyber Defense, SafeConfig 2017
Country/Territory: United States
City: Dallas
Period: 11/3/17 → …

Keywords

  • Active Learning
  • Adversarial Machine Learning
  • Deep Neural Network
  • Machine Learning Security
  • Support Vector Machine

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computational Theory and Mathematics
  • Computer Science Applications
