{"title":"A Non-Deterministic Method to Construct Ensemble-Based Classifiers to Protect Decision Support Systems Against Adversarial Images: A Case Study","authors":"G. R. Machado, Eugênio Silva, R. Goldschmidt","doi":"10.1145/3330204.3330282","DOIUrl":null,"url":null,"abstract":"In recent years, Deep Learning has presented impressive performance when solving complex image classification and recognition tasks in decision support systems. Nonetheless, studies have demonstrated Deep Learning models are susceptible to attacks conducted with adversarial images, i.e. images containing subtle perturbations in order to induce models to misclassification. The main existing countermeasures against adversarial images have shown ineficiency, permitting attackers to map their internal operation more easily. Therefore, this work aims to evaluate a defense method called MultiMagNet which randomly incorporates at runtime multiple defense components, implemented as autoencoders, in order to introduce an expanded form of non-determinism behavior for hindering evasions of adversarial nature. Experiments on CIFAR-10 dataset showed MultiMagNet was able to detect images generated by different attack algorithms.","PeriodicalId":348938,"journal":{"name":"Proceedings of the XV Brazilian Symposium on Information Systems","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the XV Brazilian Symposium on Information Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3330204.3330282","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
In recent years, Deep Learning has presented impressive performance when solving complex image classification and recognition tasks in decision support systems. Nonetheless, studies have demonstrated Deep Learning models are susceptible to attacks conducted with adversarial images, i.e. images containing subtle perturbations in order to induce models to misclassification. The main existing countermeasures against adversarial images have shown ineficiency, permitting attackers to map their internal operation more easily. Therefore, this work aims to evaluate a defense method called MultiMagNet which randomly incorporates at runtime multiple defense components, implemented as autoencoders, in order to introduce an expanded form of non-determinism behavior for hindering evasions of adversarial nature. Experiments on CIFAR-10 dataset showed MultiMagNet was able to detect images generated by different attack algorithms.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
