Skip to main content

Research Repository

Advanced Search

Consensus Adversarial Defense Method Based on Augmented Examples

Ding, Xintao; Cheng, Yongqiang; Luo, Yonglong; Li, Qingde; Gope, Prosanta

Authors

Xintao Ding

Yonglong Luo

Prosanta Gope



Abstract

Deep learning has been used in many computer-vision-based industrial Internet of Things applications. However, deep neural networks are vulnerable to adversarial examples that have been crafted specifically to fool a system while being imperceptible to humans. In this study, we propose a consensus defense (Cons-Def) method to defend against adversarial attacks. Cons-Def implements classification and detection based on the consensus of the classifications of the augmented examples, which are generated based on an individually implemented intensity exchange on the red, green, and blue components of the input image. We train a convolutional neural network using augmented examples together with their original examples. For the test image to be assigned to a specific class, the class occurrence of the classifications on its augmented images should be the maximum and reach a defined threshold. Otherwise, it is detected as an adversarial example. The comparison experiments are implemented on MNIST, CIFAR-10, and ImageNet. The average defense success rate (DSR) against white-box attacks on the test sets of the three datasets is 80.3%. The average DSR against black-box attacks on CIFAR-10 is 91.4%. The average classification accuracies of Cons-Def on benign examples of the three datasets are 98.0%, 78.3%, and 66.1%. The experimental results show that Cons-Def shows a high classification performance on benign examples and is robust against white-box and black-box adversarial attacks.

Citation

Ding, X., Cheng, Y., Luo, Y., Li, Q., & Gope, P. (2022). Consensus Adversarial Defense Method Based on Augmented Examples. IEEE Transactions on Industrial Informatics, https://doi.org/10.1109/TII.2022.3169973

Journal Article Type Article
Acceptance Date Apr 15, 2022
Online Publication Date Apr 25, 2022
Publication Date Apr 25, 2022
Deposit Date Jun 7, 2022
Publicly Available Date Oct 27, 2022
Journal IEEE Transactions on Industrial Informatics
Print ISSN 1551-3203
Electronic ISSN 1941-0050
Publisher Institute of Electrical and Electronics Engineers
Peer Reviewed Peer Reviewed
DOI https://doi.org/10.1109/TII.2022.3169973
Keywords Adversarial defense; Consensus defense; Data augmentation; Industrial Internet of Things
Public URL https://hull-repository.worktribe.com/output/4000360

Files

Accepted manuscript (2.5 Mb)
PDF

Copyright Statement
© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.



You might also like



Downloadable Citations