SeVuc: A study on the Security Vulnerabilities of Capsule Networks against adversarial attacks

Alberto Marchisio, Giorgio Nanfa, Faiq Khalid, Muhammad Abdullah Hanif, Maurizio Martina, Muhammad Shafique

Research output: Contribution to journalArticlepeer-review

Abstract

Capsule Networks (CapsNets) preserve the hierarchical spatial relationships between objects, and thereby bear the potential to surpass the performance of traditional Convolutional Neural Networks (CNNs) in performing tasks like image classification. This makes CapsNets suitable for the smart cyber–physical systems (CPS), where a large amount of training data may not be available. A large body of work has explored adversarial examples for CNNs, but their effectiveness on CapsNets has not yet been studied systematically. In our work, we perform an analysis to study the vulnerabilities in CapsNets to adversarial attacks. These perturbations, added to the test inputs, are small and imperceptible to humans, but can fool the network to mispredict. We propose a greedy algorithm to automatically generate imperceptible adversarial examples in a black-box attack scenario. We show that this kind of attacks, when applied to the German Traffic Sign Recognition Benchmark and CIFAR10 datasets, mislead CapsNets in making a correct classification, which can be catastrophic for smart CPS, like autonomous vehicles. Moreover, we apply the same kind of adversarial attacks to a 5-layer CNN (LeNet), to a 9-layer CNN (VGGNet), and to a 20-layer CNN (ResNet), and analyze the outcome, compared to the CapsNets, to study their different behaviors under the adversarial attacks.

Original languageEnglish (US)
Article number104738
JournalMicroprocessors and Microsystems
Volume96
DOIs
StatePublished - Feb 2023

Keywords

  • Adversarial attacks
  • Affine transformations
  • Architecture
  • Artificial intelligence
  • Capsule Networks
  • Convolutional neural networks
  • Deep learning
  • Deep neural networks
  • Machine learning
  • Robustness
  • Security
  • Vulnerability

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications
  • Artificial Intelligence

Fingerprint

Dive into the research topics of 'SeVuc: A study on the Security Vulnerabilities of Capsule Networks against adversarial attacks'. Together they form a unique fingerprint.

Cite this