QuSecNets: Quantization-based Defense Mechanism for Securing Deep Neural Network against Adversarial Attacks

Faiq Khalid, Hassan Ali, Hammad Tariq, Muhammad Abdullah Hanif, Semeen Rehman, Rehan Ahmed, Muhammad Shafique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Adversarial examples have emerged as a significant threat to machine learning algorithms, especially to convolutional neural networks (CNNs). In this paper, we propose two quantization-based defense mechanisms, Constant Quantization (CQ) and Trainable Quantization (TQ), to increase the robustness of CNNs against adversarial examples. CQ quantizes input pixel intensities based on a 'fixed' number of quantization levels, while in TQ the quantization levels are 'iteratively learned during the training phase', thereby providing a stronger defense mechanism. We apply the proposed techniques to undefended CNNs against different state-of-the-art adversarial attacks from the open-source Cleverhans library. The experimental results demonstrate a 50%-96% and 10%-50% increase in the classification accuracy on perturbed images generated from the MNIST and the CIFAR-10 datasets, respectively, on a commonly used CNN (Conv2D(64, 8×8) - Conv2D(128, 6×6) - Conv2D(128, 5×5) - Dense(10) - Softmax()) available in the Cleverhans library.
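The following is an added example illustrating the input-side mechanism the abstract describes; it is not code from the paper or from Cleverhans. It treats pixel intensities normalised to [0, 1], implements Constant Quantization as snapping each pixel to the nearest of n equally spaced levels, and exposes a general quantizer over an arbitrary sorted level set as a stand-in for the levels Trainable Quantization would learn (the learning rule is not described on this page, so any non-uniform levels passed in are hand-chosen assumptions). The 8-pixel "image", the per-pixel sign pattern used to build an L-infinity perturbation, and the epsilon values are all constructed here; a real attack would derive the signs from the loss gradient, and no CNN is involved. The `min_margin` check is the practitioner's caveat: quantization only masks perturbations smaller than the distance from a pixel to the nearest level boundary, so an attacker who knows the grid can aim at the pixels with the smallest margin.

```python
"""Input-pixel quantization as a pre-processing filter against small
adversarial perturbations (added example; not the paper's code).

Assumptions: pixels are floats in [0, 1]; CQ levels are evenly spaced;
the level set handed to quantize_to_levels stands in for TQ's learned
levels (how they are learned is not shown on the page)."""
from typing import List, Sequence


def evenly_spaced_levels(n: int) -> List[float]:
    """The n levels Constant Quantization snaps to: 0, 1/(n-1), ..., 1."""
    if n < 2:
        raise ValueError("need at least two quantization levels")
    return [k / (n - 1) for k in range(n)]


def quantize_to_levels(pixels: Sequence[float],
                       levels: Sequence[float]) -> List[float]:
    """Snap each pixel to the nearest level (ties go to the lower level).
    Inputs are clipped to [0, 1] first so an attacker cannot leave the
    grid by pushing an intensity out of range."""
    levels = sorted(levels)
    out = []
    for p in pixels:
        p = min(1.0, max(0.0, p))
        out.append(min(levels, key=lambda v: (abs(p - v), v)))
    return out


def constant_quantize(pixels: Sequence[float], n: int) -> List[float]:
    """Constant Quantization with a fixed number n of levels."""
    return quantize_to_levels(pixels, evenly_spaced_levels(n))


def linf_perturb(pixels: Sequence[float], signs: Sequence[int],
                 eps: float) -> List[float]:
    """Constructed L-infinity perturbation: move every pixel by +/- eps
    along a caller-supplied sign pattern, then clip back into [0, 1]."""
    return [min(1.0, max(0.0, p + s * eps)) for p, s in zip(pixels, signs)]


def fraction_absorbed(clean: Sequence[float], adv: Sequence[float],
                      levels: Sequence[float]) -> float:
    """Share of pixels whose quantized value the perturbation did not change."""
    qc = quantize_to_levels(clean, levels)
    qa = quantize_to_levels(adv, levels)
    same = sum(1 for a, b in zip(qc, qa) if a == b)
    return same / len(qc)


def min_margin(pixels: Sequence[float], levels: Sequence[float]) -> float:
    """Smallest distance from any pixel to a boundary between two adjacent
    levels. A per-pixel perturbation of at least this size can flip at
    least one quantized pixel, so this is the budget the grid really hides."""
    levels = sorted(levels)
    boundaries = [(a + b) / 2 for a, b in zip(levels, levels[1:])]
    return min(abs(p - b) for p in pixels for b in boundaries)


# Constructed sample input: one row of 8 normalised pixels and a sign
# pattern standing in for sign(gradient) of an L-infinity attack.
CLEAN = [0.05, 0.12, 0.47, 0.53, 0.80, 0.95, 0.30, 0.70]
SIGNS = [+1, +1, +1, -1, +1, -1, -1, +1]


if __name__ == "__main__":
    two = evenly_spaced_levels(2)
    for eps in (0.02, 0.1):
        adv = linf_perturb(CLEAN, SIGNS, eps)
        print(f"eps={eps}: 2 levels absorb {fraction_absorbed(CLEAN, adv, two):.2f}, "
              f"256 levels absorb {fraction_absorbed(CLEAN, adv, evenly_spaced_levels(256)):.2f}")
    print(f"smallest margin to a 2-level boundary: {min_margin(CLEAN, two):.3f}")
```

With two levels (binarisation) the 0.02 perturbation is fully absorbed, the 0.1 perturbation still flips the two pixels that sit 0.03 from the 0.5 boundary, and at 256 levels (a finer grid than the perturbation) nothing is absorbed at all. The margin figure is what to report alongside any accuracy gain: it tells you how large an adaptive attacker's step must be to get past the pre-filter for a given input.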

Original language: English (US)
Title of host publication: 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
Editors: Dimitris Gizopoulos, Dan Alexandrescu, Panagiota Papavramidou, Michail Maniatakos
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 182-187
Number of pages: 6
ISBN (Electronic): 9781728124902
DOIs
State: Published - Jul 2019
Event: 25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019 - Rhodes, Greece
Duration: Jul 1 2019 - Jul 3 2019

Publication series

Name: 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019

Conference

Conference: 25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
Country: Greece
City: Rhodes
Period: 7/1/19 - 7/3/19

Keywords

  • Adversarial Attacks
  • Adversarial Machine Learning
  • Classification
  • CNN
  • Convolutional Neural Networks
  • Defense
  • DNN
  • Machine Learning
  • Quantization
  • Security
  • Trainable Quantization

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
