From Attack to Defense: Insights into Deep Learning Security Measures in Black-Box Settings (2405.01963v1)
Abstract: Deep Learning (DL) is rapidly maturing to the point that it can be used in safety- and security-critical applications. However, adversarial samples, which are undetectable to the human eye, pose a serious threat: they can cause the model to misbehave and compromise the performance of such applications. Addressing the robustness of DL models has become crucial to understanding and defending against adversarial attacks. In this study, we perform comprehensive experiments to examine the effect of adversarial attacks and defenses on various model architectures across well-known datasets. Our research focuses on black-box attacks such as SimBA, HopSkipJump, MGAAttack, and boundary attacks, as well as preprocessor-based defensive mechanisms, including bit squeezing, median smoothing, and the JPEG filter. Experimenting with various models, our results demonstrate that the level of noise needed for the attack increases as the number of layers increases. Moreover, the attack success rate decreases as the number of layers increases. This indicates that model complexity and robustness have a significant relationship. Investigating the relationship between diversity and robustness, our experiments with diverse models show that having a large number of parameters does not imply higher robustness. Our experiments extend to the effects of the training dataset on model robustness: datasets such as ImageNet-1000, CIFAR-100, and CIFAR-10 are used to evaluate the black-box attacks. Considering the multiple dimensions of our analysis, e.g., model complexity and training dataset, we examined the behavior of black-box attacks when models apply defenses. Our results show that applying defense strategies can significantly reduce attack effectiveness. This research provides in-depth analysis and insight into the robustness of DL models against various attacks and defenses.
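Two of the preprocessor defenses named in the abstract, bit squeezing (bit depth reduction) and median smoothing, are simple enough to show end to end. The block below is an added example written for this page, not code from the paper or its authors: it implements both squeezers in pure Python on a grayscale image held as a list of rows of ints in 0..255, plus the feature-squeezing detection score (the largest L1 gap between a model's prediction on the raw input and on its squeezed versions). The images `CLEAN`, `NOISY` and `SPIKE` are constructed for the demo; the `predict` callable is an assumption that stands in for any classifier returning a probability vector. The JPEG filter is omitted because it needs a codec.

```python
"""Preprocessor-based defenses on a grayscale image (added example)."""

from typing import Callable, List

Image = List[List[int]]


def reduce_bit_depth(img: Image, bits: int) -> Image:
    """Quantize every pixel to 2**bits levels and map it back to 0..255.

    Perturbations confined to the discarded low-order bits land on the same
    quantized value as the clean pixel, which is why squeezing removes them.
    """
    if not 1 <= bits <= 8:
        raise ValueError("bits must be in 1..8")
    levels = (1 << bits) - 1  # number of steps between 0 and 255
    return [[round(round(v / 255 * levels) * 255 / levels) for v in row]
            for row in img]


def median_smooth(img: Image, k: int) -> Image:
    """k x k median filter (k odd) with replicate padding at the borders.

    Isolated high-amplitude pixels are replaced by the median of their
    neighbourhood, so single-pixel spikes vanish.
    """
    if k < 1 or k % 2 == 0:
        raise ValueError("k must be a positive odd integer")
    h, w, r = len(img), len(img[0]), k // 2
    out = []
    for y in range(h):
        row = []
        for x in range(w):
            window = []
            for dy in range(-r, r + 1):
                yy = min(max(y + dy, 0), h - 1)
                for dx in range(-r, r + 1):
                    xx = min(max(x + dx, 0), w - 1)
                    window.append(img[yy][xx])
            window.sort()
            row.append(window[len(window) // 2])
        out.append(row)
    return out


def l1_distance(p: List[float], q: List[float]) -> float:
    """L1 distance between two probability vectors."""
    return sum(abs(a - b) for a, b in zip(p, q))


def squeeze_score(predict: Callable[[Image], List[float]], img: Image,
                  bits: int = 4, k: int = 3) -> float:
    """Feature-squeezing detection score (Xu et al. style).

    `predict` is assumed to return a probability vector for an image.  A large
    gap between the raw and squeezed predictions is the signal a detector
    thresholds on; a legitimate input usually changes very little.
    """
    base = predict(img)
    return max(l1_distance(base, predict(reduce_bit_depth(img, bits))),
               l1_distance(base, predict(median_smooth(img, k))))


# Constructed inputs for the demo: a flat image, the same image with a +-1
# jitter in its low-order bits, and the same image with one bright pixel.
CLEAN: Image = [[100] * 5 for _ in range(5)]
NOISY: Image = [[100 + ((x + y) % 3 - 1) for x in range(5)] for y in range(5)]
SPIKE: Image = [row[:] for row in CLEAN]
SPIKE[2][2] = 255


def parity_predict(img: Image) -> List[float]:
    """Toy two-class model that keys on pixel parity; constructed so that the
    low-bit jitter in NOISY visibly changes its output."""
    vals = [v for row in img for v in row]
    f = sum(v % 2 for v in vals) / len(vals)
    return [f, 1 - f]


if __name__ == "__main__":
    print("4-bit squeeze of NOISY == CLEAN:",
          reduce_bit_depth(NOISY, 4) == reduce_bit_depth(CLEAN, 4))
    print("3x3 median of SPIKE == CLEAN:", median_smooth(SPIKE, 3) == CLEAN)
    print("squeeze score on NOISY:", squeeze_score(parity_predict, NOISY))
```

In deployment the squeezed image, not the raw one, is what the classifier sees (or both are scored and the gap is compared against a threshold calibrated on benign data). Both squeezers also degrade legitimate inputs slightly, so the bit depth and window size are tuned per dataset against clean accuracy.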
- Firuz Juraev
- Mohammed Abuhamad
- Eric Chan-Tin
- George K. Thiruvathukal
- Tamer Abuhmed