TrISec: Training Data-Unaware Imperceptible Security Attacks on Deep Neural Networks

Faiq Khalid, Muhammad Abdullah Hanif, Semeen Rehman, Rehan Ahmed, Muhammad Shafique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Most of the data manipulation attacks on deep neural networks (DNNs) during the training stage introduce a perceptible noise that can be handled by preprocessing during inference, or can be identified during the validation phase. Therefore, data poisoning attacks during inference (e.g., adversarial attacks) are becoming more popular. However, many of them do not consider the imperceptibility factor in their optimization algorithms, and can be detected by correlation and structural similarity analysis, or are noticeable (e.g., by humans) in a multi-level security system. Moreover, the majority of inference attacks rely on some knowledge about the training dataset. In this paper, we propose a novel methodology which automatically generates imperceptible attack images by using the back-propagation algorithm on pre-trained DNNs, without requiring any information about the training dataset (i.e., completely training data-unaware). We present a case study on traffic sign detection using the VGGNet trained on the German Traffic Sign Recognition Benchmarks dataset in an autonomous driving use case. Our results demonstrate that the generated attack images successfully perform misclassification while remaining imperceptible in both 'subjective' and 'objective' quality tests.

Original language: English (US)
Title of host publication: 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
Editors: Dimitris Gizopoulos, Dan Alexandrescu, Panagiota Papavramidou, Michail Maniatakos
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 188-193
Number of pages: 6
ISBN (Electronic): 9781728124902
DOIs:
State: Published - Jul 2019
Event: 25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019 - Rhodes, Greece
Duration: Jul 1 2019 to Jul 3 2019

Publication series

Name: 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019

Conference

Conference: 25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
Country: Greece
City: Rhodes
Period: 7/1/19 to 7/3/19

Keywords

  • Adversarial Machine Learning
  • Data Poisoning Attacks
  • Deep Neural Network
  • DNNs
  • Imperceptible Attack Noise
  • Machine Learning
  • ML Security

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
