Top

Automatic Control and Computer Sciences

Published in:

01-12-2023

Defense against Adversarial Attacks on Image Recognition Systems Using an Autoencoder

Authors: V. V. Platonov, N. M. Grigorjeva

Published in: Automatic Control and Computer Sciences | Issue 8/2023

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Adversarial attacks on artificial neural network systems for image recognition are considered. To improve the security of image recognition systems against adversarial attacks (evasion attacks), the use of autoencoders is proposed. Various attacks are considered and software prototypes of autoencoders of full-link and convolutional architectures are developed as means of defense against evasion attacks. The possibility of using developed prototypes as a basis for designing autoencoders more complex architectures is substantiated.

previous article Hybrid Method for the Detection of Evasion Attacks Aimed at Machine Learning Systems

next article Protection of Computational Machine Learning Models against Extraction Threat

Goodfellow, I.J., Shlens, J., and Szegedy, C., Explaining and harnessing adversarial examples, 2014. https://doi.org/10.48550/arXiv.1412.6572

Tabassi, E., Burns, K.J., Hadjimichael, M., Molina-Markham, A.D., and Sexton, J.T., Draft NISTIR 8269. A Taxonomy and Terminology of Adversarial Machine Learning, National Institute of Standards and Technology, 2019. https://doi.org/10.6028/nist.ir.8269-draftCrossRef

Kulikov, D.A. and Platonov, V.V., Adversarial attacks on intrusion detection systems using the LSTM classifier, Autom. Control Comput. Sci., 2021, vol. 55, no. 8, pp. 1080–1086. https://doi.org/10.3103/s0146411621080174CrossRef

Fast gradient sign method. https://www.neuralception.com/adversarialexamples-fgsm/. Cited October 1, 2021.

Basic iterative method. https://www.neuralception.com/adversarialexamples-bim/. Cited October 1, 2021.

Iterative least likely method. https://www.neuralception.com/adversarialexamples-illmhttps://www.neuralception.com/adversarialexamples-illm/. Cited March 1, 2022.

Madry, A., Makelov, A., Schmidt, L., Tsipras, D., and Vladu, A., Towards deep learning models resistant to adversarial attacks, 2017. https://doi.org/10.48550/arXiv.1706.06083

Gandhi, A. and Jain, S., Adversarial perturbations fool deepfake detectors, 2020 Int. Joint Conf. on Neural Networks (IJCNN), Glasgow, 2020, IEEE, 2020, pp. 1–8. https://doi.org/10.1109/ijcnn48605.2020.9207034

Attacking machine learning with adversarial examples. https://openai.com/blog/adversarial-example-research/#:~:text=Gradient%20masking%20is%20a%20term,access%20to%20a%20useful%20gradient/. Cited May 5, 2022.

10.

Hinton, G., Vinyals, O., and Dean, J., Distilling the knowledge in a neural network, 2015. https://doi.org/10.48550/arXiv.1503.02531

11.

Feature squeezing. https://evademl.org/squeezing/. Cited May 5, 2022.

12.

Get started with TensorBoard. https://www.tensorflow.org/tensorboard/get_started/. Cited April 27, 2022.

13.

How to choose CNN Architecture MNIST Experiment 4. https://www.kaggle.com/code/cdeotte/how-to-choose-cnn-architecture-mnist/note-book/. Cited April 27, 2004.

Title: Defense against Adversarial Attacks on Image Recognition Systems Using an Autoencoder
Authors: V. V. Platonov
N. M. Grigorjeva
Publication date: 01-12-2023
Publisher: Pleiades Publishing
Published in: Automatic Control and Computer Sciences / Issue 8/2023
Print ISSN: 0146-4116
Electronic ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411623080230

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2023

Empirical Study of the Stability of a Linear Filter Based on the Neyman–Pearson Criterion to Changes in the Average Values

Early Detection of Network Attacks Based on Weight-Insensitive Neural Networks

Method for Detecting Manipulation Attacks on Recommender Systems with Collaborative Filtering

Protection of Computational Machine Learning Models against Extraction Threat

Data Modeling in Big Data Systems Including Polystore and Heterogeneous Information Processing Components

Risk Assessment of Using Open Source Projects: Analysis of the Existing Approaches