Feng Sun, Zhenjiang Zhang, Yi-Chih Kao, Tian-zhou Li, Bo Shen
Journal of Internet Technology, vol. 20 1, pp. 1297-1304. Published 2019-07-01. DOI: 10.3966/160792642019072004028 (https://doi.org/10.3966/160792642019072004028)
A new method to detect the adversarial attack based on the residual image
Nowadays, with the development of artificial intelligence, deep learning has attracted more and more attention. Whereas deep neural networks have made incredible progress in many domains including Computer Vision, Natural Language Processing, etc., recent studies show that they are vulnerable to adversarial attacks, which take legitimate images with undetected perturbations as input and can mislead the model into predicting incorrect outputs. We consider that the key point of the adversarial attack is the undetected perturbation added to the input. It will be of great significance to eliminate the effect of the added noise. Thus, we design a new, efficient model based on the residual image which can detect this potential adversarial attack. We design a method to get the residual image, which can capture these possible perturbations. Based on the residual image we got, the detection mechanism can help us detect whether it is an adversarial image or not. A series of experiments has also been carried out. Subsequent experiments prove that the new detection method can detect the adversarial attack with high effectiveness.
About the journal:
The Journal of Internet Technology accepts original technical articles in all disciplines of Internet Technology & Applications. Manuscripts are submitted for review with the understanding that they have not been published elsewhere.
Topics of interest to JIT include, but are not limited to:
Broadband Networks
Electronic service systems (Internet, Intranet, Extranet, E-Commerce, E-Business)
Network Management
Network Operating System (NOS)
Intelligent systems engineering
Government or Staff Jobs Computerization
National Information Policy
Multimedia systems
Network Behavior Modeling
Wireless/Satellite Communication
Digital Library
Distance Learning
Internet/WWW Applications
Telecommunication Networks
Security in Networks and Systems
Cloud Computing
Internet of Things (IoT)
IPv6 related topics are especially welcome.