Detecting Adversarial Examples Using Edge-based Classification (엣지 기반 분류를 이용한 적대적 예제 탐지)

Jaesung Shim (심재성); Kyuri Jo (조겨리)

doi:10.9708/jksci.2023.28.10.067

Detecting Adversarial Examples Using Edge-based Classification

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2023, 28(10), pp.67-76
DOI : 10.9708/jksci.2023.28.10.067
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : September 15, 2023
Accepted : October 19, 2023
Published : October 31, 2023

Jaesung Shim ¹, Kyuri Jo ¹

¹충북대학교

Accredited

ABSTRACT

Although deep learning models are making innovative achievements in the field of computer vision, the problem of vulnerability to adversarial examples continues to be raised. Adversarial examples are attack methods that inject fine noise into images to induce misclassification, which can pose a serious threat to the application of deep learning models in the real world. In this paper, we propose a model that detects adversarial examples using differences in predictive values between edge-learned classification models and underlying classification models. The simple process of extracting the edges of the objects and reflecting them in learning can increase the robustness of the classification model, and economical and efficient detection is possible by detecting adversarial examples through differences in predictions between models. In our experiments, the general model showed accuracy of {49.9%, 29.84%, 18.46%, 4.95%, 3.36%} for adversarial examples (eps={0.02, 0.05, 0.1, 0.2, 0.3}), whereas the Canny edge model showed accuracy of {82.58%, 65.96%, 46.71%, 24.94%, 13.41%} and other edge models showed a similar level of accuracy also, indicating that the edge model was more robust against adversarial examples. In addition, adversarial example detection using differences in predictions between models revealed detection rates of {85.47%, 84.64%, 91.44%, 95.47%, and 87.61%} for each epsilon-specific adversarial example. It is expected that this study will contribute to improving the reliability of deep learning models in related research and application industries such as medical, autonomous driving, security, and national defense.

KEYWORDS

Deep Learning, Computer Vision, Convolutional Neural Network, Edge-based Classification, Adversarial Example Detection

Citation status

* References for papers published after 2023 are currently being built.

[web] I. J. Goodfellow / 2014 / Explaining and harnessing adversarial examples / arXiv / arXiv:1412.6572

[confproc] K. Eykholt / 2018 / Robust physical-world attacks on deep learning visual classification / Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition : 1625~1634

[confproc] A. Liu / 2023 / X-adv: Physical adversarial object attacks against x-ray prohibited item detection / 32nd USENIX Security Symposium (USENIX Security 23) : 3781~3798

[journal] Xingjun Ma / 2021 / Understanding adversarial attacks on deep learning based medical image analysis systems / Pattern Recognition / Elsevier BV 110 : 107332~

[journal] Naveed Akhtar / 2018 / Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey / IEEE Access / Institute of Electrical and Electronics Engineers (IEEE) 6 : 14410~14430

[confproc] A. Madry / 2018 / Towards deep learning models resistant to adversarial attacks / International Conference on Learning Representations

[confproc] D. Tsipras / 2019 / Robustness may be at odds with accuracy / International Conference on Learning Representations

[confproc] A. Borji / 2022 / Shape defense / I (Still) can'T Believe it's Not Better!Workshop at NeurIPS 2021 : 15~20

[confproc] W. Xu / 2018 / Feature squeezing: Detecting adversarial examples in deep neural networks / NDSS Symposium

[confproc] S. Moosavi-Dezfooli / 2016 / Deepfool: A simple and accurate method to fool deep neural networks / Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition : 2574~2582

[confproc] N. Carlini / 2017 / Towards evaluating the robustness of neural networks / 2017 IEEE Symposium on Security and Privacy (Sp) : 39~57

[confproc] D. Meng / 2017 / Magnet: A two-pronged defense against adversarial examples / Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security : 135~147

[confproc] J. H. Metzen / 2017 / On detecting adversarial perturbations / International Conference on Learning Representations

[thesis] L. G. Roberts / 1963 / Machine Perception of Three-Dimensional Solids / PhD / Massachusetts Institute of Technology

[other] I. Sobel / 1968 / A 3x3 isotropic gradient operator for image processing / a talk at the Stanford Artificial Project in : 271~272

[journal] JOHN CANNY / 1987 / A Computational Approach to Edge Detection / Readings in Computer Vision / Elsevier : 184~203

[web] H. Scharr / Optimal operators in digital image processing / http://www.ub.uni-heidelberg.de/archiv/962,2000

[web] J. Bright / ANIMALS(30 Animal Species for Easy train) / https://www.kaggle.com/datasets/jerrinbright/cheetahtigerwolf

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Detecting Adversarial Examples Using Edge-based Classification

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

Detecting Adversarial Examples Using Edge-based Classification

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (18) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.