Xintao Ding
Consensus Adversarial Defense Method Based on Augmented Examples
Ding, Xintao; Cheng, Yongqiang; Luo, Yonglong; Li, Qingde; Gope, Prosanta
Abstract
Deep learning has been used in many computer-vision-based industrial Internet of Things applications. However, deep neural networks are vulnerable to adversarial examples that have been crafted specifically to fool a system while being imperceptible to humans. In this study, we propose a consensus defense (Cons-Def) method to defend against adversarial attacks. Cons-Def implements classification and detection based on the consensus of the classifications of the augmented examples, which are generated based on an individually implemented intensity exchange on the red, green, and blue components of the input image. We train a convolutional neural network using augmented examples together with their original examples. For the test image to be assigned to a specific class, the class occurrence of the classifications on its augmented images should be the maximum and reach a defined threshold. Otherwise, it is detected as an adversarial example. The comparison experiments are implemented on MNIST, CIFAR-10, and ImageNet. The average defense success rate (DSR) against white-box attacks on the test sets of the three datasets is 80.3%. The average DSR against black-box attacks on CIFAR-10 is 91.4%. The average classification accuracies of Cons-Def on benign examples of the three datasets are 98.0%, 78.3%, and 66.1%. The experimental results show that Cons-Def achieves high classification performance on benign examples and is robust against white-box and black-box adversarial attacks.
Citation
Ding, X., Cheng, Y., Luo, Y., Li, Q., & Gope, P. (2022). Consensus Adversarial Defense Method Based on Augmented Examples. IEEE Transactions on Industrial Informatics, https://doi.org/10.1109/TII.2022.3169973
Field | Value |
---|---|
Journal Article Type | Article |
Acceptance Date | Apr 15, 2022 |
Online Publication Date | Apr 25, 2022 |
Publication Date | Apr 25, 2022 |
Deposit Date | Jun 7, 2022 |
Publicly Available Date | Jun 8, 2022 |
Journal | IEEE Transactions on Industrial Informatics |
Print ISSN | 1551-3203 |
Electronic ISSN | 1941-0050 |
Publisher | Institute of Electrical and Electronics Engineers |
Peer Reviewed | Peer Reviewed |
DOI | https://doi.org/10.1109/TII.2022.3169973 |
Keywords | Adversarial defense; Consensus defense; Data augmentation; Industrial Internet of Things |
Public URL | https://hull-repository.worktribe.com/output/4000360 |
Copyright Statement
© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.