An Intelligent Secure Adversarial Examples Detection Scheme in Heterogeneous Complex Environments

Weizheng Wang; Xiangqi Wang; Xianmin Pan; Xingxing Gong; Jian Liang; Pradip Kumar Sharma; Osama Alfarraj; Wael Said

doi:10.32604/cmc.2023.041346

An Intelligent Secure Adversarial Examples Detection Scheme in Heterogeneous Complex Environments

Weizheng Wang, Xiangqi Wang^*, Xianmin Pan, Xingxing Gong, Jian Liang, Pradip Kumar Sharma, Osama Alfarraj, Wael Said

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

1 Downloads (Pure)

Abstract

Image-denoising techniques are widely used to defend against Adversarial Examples (AEs). However, denoising alone cannot completely eliminate adversarial perturbations. The remaining perturbations tend to amplify as they propagate through deeper layers of the network, leading to misclassifications. Moreover, image denoising compromises the classification accuracy of original examples. To address these challenges in AE defense through image denoising, this paper proposes a novel AE detection technique. The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network (CNN) network structures. The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm. By analyzing the discrepancy between predictions made by the model on original examples and denoised examples, AEs are detected effectively. This technique reduces computational overhead without modifying the model structure or parameters, effectively avoiding the error amplification caused by denoising. The proposed approach demonstrates excellent detection performance against mainstream AE attacks. Experimental results show outstanding detection performance in well-known AE attacks, including Fast Gradient Sign Method (FGSM), Basic Iteration Method (BIM), DeepFool, and Carlini & Wagner (C&W), achieving a 94% success rate in FGSM detection, while only reducing the accuracy of clean examples by 4%.

Original language	English
Pages (from-to)	3859-3876
Number of pages	18
Journal	Computers, Materials and Continua
Volume	76
Issue number	3
DOIs	https://doi.org/10.32604/cmc.2023.041346
Publication status	Published - 8 Oct 2023

Bibliographical note

Funding Information:
Funding Statement: This work was supported in part by the Natural Science Foundation of Hunan Province under Grant Nos. 2023JJ30316 and 2022JJ2029, in part by a project supported by Scientific Research Fund of Hunan Provincial Education Department under Grant No. 22A0686, and in part by the National Natural Science Foundation of China under Grant No. 62172058. This work was also funded by the Researchers Supporting Project (No. RSP2023R102) King Saud University, Riyadh, Saudi Arabia.

Data Availability Statement

The data underlying this article will be shared on reasonable request to the corresponding author.

Keywords

adversarial attack
adversarial example
adversarial example detection
Deep neural networks
image denoising
machine learning

Access to Document

10.32604/cmc.2023.041346Licence: CC BY

Wang_etal_CMC_An_Intelligent_Secure_VOR
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Final published version, 1.55 MBLicence: CC BY

Cite this

@article{8aecdf6549fb4ce9bbdc85cccd2bac55,

title = "An Intelligent Secure Adversarial Examples Detection Scheme in Heterogeneous Complex Environments",

abstract = "Image-denoising techniques are widely used to defend against Adversarial Examples (AEs). However, denoising alone cannot completely eliminate adversarial perturbations. The remaining perturbations tend to amplify as they propagate through deeper layers of the network, leading to misclassifications. Moreover, image denoising compromises the classification accuracy of original examples. To address these challenges in AE defense through image denoising, this paper proposes a novel AE detection technique. The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network (CNN) network structures. The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm. By analyzing the discrepancy between predictions made by the model on original examples and denoised examples, AEs are detected effectively. This technique reduces computational overhead without modifying the model structure or parameters, effectively avoiding the error amplification caused by denoising. The proposed approach demonstrates excellent detection performance against mainstream AE attacks. Experimental results show outstanding detection performance in well-known AE attacks, including Fast Gradient Sign Method (FGSM), Basic Iteration Method (BIM), DeepFool, and Carlini & Wagner (C&W), achieving a 94% success rate in FGSM detection, while only reducing the accuracy of clean examples by 4%.",

keywords = "adversarial attack, adversarial example, adversarial example detection, Deep neural networks, image denoising, machine learning",

author = "Weizheng Wang and Xiangqi Wang and Xianmin Pan and Xingxing Gong and Jian Liang and Sharma, {Pradip Kumar} and Osama Alfarraj and Wael Said",

note = "Funding Information: Funding Statement: This work was supported in part by the Natural Science Foundation of Hunan Province under Grant Nos. 2023JJ30316 and 2022JJ2029, in part by a project supported by Scientific Research Fund of Hunan Provincial Education Department under Grant No. 22A0686, and in part by the National Natural Science Foundation of China under Grant No. 62172058. This work was also funded by the Researchers Supporting Project (No. RSP2023R102) King Saud University, Riyadh, Saudi Arabia. ",

year = "2023",

month = oct,

day = "8",

doi = "10.32604/cmc.2023.041346",

language = "English",

volume = "76",

pages = "3859--3876",

journal = "Computers, Materials and Continua",

issn = "1546-2218",

publisher = "Tech Science Press",

number = "3",

}

TY - JOUR

T1 - An Intelligent Secure Adversarial Examples Detection Scheme in Heterogeneous Complex Environments

AU - Wang, Weizheng

AU - Wang, Xiangqi

AU - Pan, Xianmin

AU - Gong, Xingxing

AU - Liang, Jian

AU - Sharma, Pradip Kumar

AU - Alfarraj, Osama

AU - Said, Wael

N1 - Funding Information: Funding Statement: This work was supported in part by the Natural Science Foundation of Hunan Province under Grant Nos. 2023JJ30316 and 2022JJ2029, in part by a project supported by Scientific Research Fund of Hunan Provincial Education Department under Grant No. 22A0686, and in part by the National Natural Science Foundation of China under Grant No. 62172058. This work was also funded by the Researchers Supporting Project (No. RSP2023R102) King Saud University, Riyadh, Saudi Arabia.

PY - 2023/10/8

Y1 - 2023/10/8

N2 - Image-denoising techniques are widely used to defend against Adversarial Examples (AEs). However, denoising alone cannot completely eliminate adversarial perturbations. The remaining perturbations tend to amplify as they propagate through deeper layers of the network, leading to misclassifications. Moreover, image denoising compromises the classification accuracy of original examples. To address these challenges in AE defense through image denoising, this paper proposes a novel AE detection technique. The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network (CNN) network structures. The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm. By analyzing the discrepancy between predictions made by the model on original examples and denoised examples, AEs are detected effectively. This technique reduces computational overhead without modifying the model structure or parameters, effectively avoiding the error amplification caused by denoising. The proposed approach demonstrates excellent detection performance against mainstream AE attacks. Experimental results show outstanding detection performance in well-known AE attacks, including Fast Gradient Sign Method (FGSM), Basic Iteration Method (BIM), DeepFool, and Carlini & Wagner (C&W), achieving a 94% success rate in FGSM detection, while only reducing the accuracy of clean examples by 4%.

AB - Image-denoising techniques are widely used to defend against Adversarial Examples (AEs). However, denoising alone cannot completely eliminate adversarial perturbations. The remaining perturbations tend to amplify as they propagate through deeper layers of the network, leading to misclassifications. Moreover, image denoising compromises the classification accuracy of original examples. To address these challenges in AE defense through image denoising, this paper proposes a novel AE detection technique. The proposed technique combines multiple traditional image-denoising algorithms and Convolutional Neural Network (CNN) network structures. The used detector model integrates the classification results of different models as the input to the detector and calculates the final output of the detector based on a machine-learning voting algorithm. By analyzing the discrepancy between predictions made by the model on original examples and denoised examples, AEs are detected effectively. This technique reduces computational overhead without modifying the model structure or parameters, effectively avoiding the error amplification caused by denoising. The proposed approach demonstrates excellent detection performance against mainstream AE attacks. Experimental results show outstanding detection performance in well-known AE attacks, including Fast Gradient Sign Method (FGSM), Basic Iteration Method (BIM), DeepFool, and Carlini & Wagner (C&W), achieving a 94% success rate in FGSM detection, while only reducing the accuracy of clean examples by 4%.

KW - adversarial attack

KW - adversarial example

KW - adversarial example detection

KW - Deep neural networks

KW - image denoising

KW - machine learning

UR - http://www.scopus.com/inward/record.url?scp=85174393829&partnerID=8YFLogxK

U2 - 10.32604/cmc.2023.041346

DO - 10.32604/cmc.2023.041346

M3 - Article

AN - SCOPUS:85174393829

SN - 1546-2218

VL - 76

SP - 3859

EP - 3876

JO - Computers, Materials and Continua

JF - Computers, Materials and Continua

IS - 3

ER -

An Intelligent Secure Adversarial Examples Detection Scheme in Heterogeneous Complex Environments

Abstract

Bibliographical note

Data Availability Statement

Keywords

Access to Document

Other files and links

Fingerprint

Cite this