Top

International Journal of Multimedia Information Retrieval

Published in:

11-09-2019 | Short Paper

A retrieval-based approach for diverse and image-specific adversary selection

Authors: Rajvardhan Singh Ravat, Yashaswi Verma

Published in: International Journal of Multimedia Information Retrieval | Issue 2/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

While deep neural network-based models have demonstrated compelling performance on various tasks in computer vision and other fields, they have been found to be vulnerable to adversarial attacks. Particularly, deep convolutional neural network (CNN)-based models can be easily fooled by adding a small quasi-imperceptible perturbation to the input, thus resulting in significant drop in prediction accuracies. While most of the previous works have focused on generating one adversary/perturbation per model, it was recently shown that it is possible to learn a continuous distribution over adversarial perturbations for a model. Building upon this work, in this paper, we propose a new technique for image-specific adversary selection and treat it as a retrieval task. The proposed technique utilizes a learned model that ranks the perturbations in a given set of perturbations based on their ability to fool with respect to a given sample. This model is a conditional determinantal point process model that also explicitly induces diversity among the retrieved perturbations. We conduct experiments on the ImageNet dataset using four popular deep CNN image classification models, and demonstrate that the proposed method consistently achieves state-of-the-art fooling rates.

previous article Learning visual features for relational CBIR

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Baluja S, Fischer I (2018) Learning to attack: adversarial transformation networks. Association for Advancements in Artificial Intelligence, Menlo Park

Biggio B, Corona I, Maiorca D, Nelson B, Šrndić N, Laskov P, Giacinto G, Roli F (2013) Evasion attacks against machine learning at test time. In: Joint European conference on machine learning and knowledge discovery in databases, pp 387–402CrossRef

Biggio B, Fumera G, Roli F (2014) Pattern recognition systems under attack: design issues and research challenges. Int J Pattern Recognit Artif Intell 28:1460002CrossRef

Carlini N, Wagner DA (2017) Towards evaluating the robustness of neural networks. In: IEEE symposium on security and privacy, pp 39–57

Chatfield K, Simonyan K, Vedaldi A, Zisserman A (2014) Return of the devil in the details: delving deep into convolutional nets. In: British machine vision conference

Gong B, Chao W, Grauman K, Sha F (2014) Diverse sequential subset selection for supervised video summarization. In: Advances in neural information processing systems

Goodfellow I, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: International conference on learning representations

Goodfellow IJ, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. Neural Inf Process Syst 2:2672–2680

Gu S, Rigazio L (2014) Towards deep neural network architectures robust to adversarial examples. CoRR arXiv:1412.5068

10.

He K, Zhang X, Ren S, Sun J (2016) Deep residual learning for image recognition. In: IEEE conference on computer vision and pattern recognition, pp 770–778

11.

Kulesza A, Taskar B (2011) k-DPPs: fixed-size determinantal point processes. In: International conference on machine learning

12.

Kulesza A, Taskar B (2011) Learning determinantal point processes. In: Uncertainty in artificial intelligence, pp 419–427

13.

Kulesza A, Taskar B (2012) Determinantal point processes for machine learning. Found Trends Mach Learn 5:123–286CrossRef

14.

Kurakin A, Goodfellow IJ, Bengio S (2016) Adversarial machine learning at scale. CoRR arXiv:1611.01236

15.

Macchi O (1975) The coincidence approach to stochastic point processes. Adv Appl Probab 7:83–122. https://doi.org/10.2307/1425855 MathSciNetCrossRefMATH

16.

Madry A, Makelov A, Schmidt L, Tsipras D, Vladu A (2018) Towards deep learning models resistant to adversarial attacks. In: International conference on learning representations

17.

Moosavi-Dezfooli S, Fawzi A, Frossard P (2016) Deepfool: a simple and accurate method to fool deep neural networks. In: IEEE conference on computer vision and pattern recognition, pp 2574–2582

18.

Moosavi-Dezfooli SM, Fawzi A, Fawzi O, Frossard P (2017) Universal adversarial perturbations. In: IEEE conference on computer vision and pattern recognition (CVPR), pp 86–94

19.

Mopuri KR, Garg U, Radhakrishnan VB (2017) Fast feature fool: a data independent approach to universal adversarial perturbations. In: British machine vision conference

20.

Mopuri KR, Ojha U, Garg U, Babu RV (2018) NAG: network for adversary generation. In: IEEE conference on computer vision and pattern recognition, pp 742–751

21.

Nayebi A, Ganguli S (2017) Biologically inspired protection of deep networks from adversarial attacks. CoRR arXiv:1703.09202

22.

Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks against machine learning. In: Asia conference on computer and communications security, pp 506–519

23.

Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2014) Intriguing properties of neural networks. In: International conference on learning representations

24.

Tramèr F, Kurakin A, Papernot N, Goodfellow I, Boneh D, McDaniel P (2018) Ensemble adversarial training: attacks and defenses. In: International conference on learning representations

25.

Wu B, Jia F, Liu W, Ghanem B (2017) Diverse image annotation. In: IEEE conference on computer vision and pattern recognition

Title: A retrieval-based approach for diverse and image-specific adversary selection
Authors: Rajvardhan Singh Ravat
Yashaswi Verma
Publication date: 11-09-2019
Publisher: Springer London
Published in: International Journal of Multimedia Information Retrieval / Issue 2/2020
Print ISSN: 2192-6611
Electronic ISSN: 2192-662X
DOI: https://doi.org/10.1007/s13735-019-00177-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 2/2020

Multi-level context extraction and attention-based contextual inter-modal fusion for multimodal sentiment analysis and emotion classification

Learning visual features for relational CBIR

Single-image crowd counting: a comparative survey on deep learning-based approaches

Special issue on deep learning in image and video retrieval

A study on deep learning spatiotemporal models and feature extraction techniques for video understanding

Premium Partner