The existence of adversarial examples and the easiness with which they can be generated raise several security concerns with regard to deep learning systems, pushing researchers to develop suitable defence mechanisms. The use of networks adopting error-correcting output codes (ECOC) has recently been proposed to counter the creation of adversarial examples in a white-box setting. In this paper, we carry out an in-depth investigation of the adversarial robustness achieved by the ECOC approach. We do so by proposing a new adversarial attack specifically designed for multilabel classification architectures, like the ECOC-based one, and by applying two existing attacks. In contrast to previous findings, our analysis reveals that ECOC-based networks can be attacked quite easily by introducing a small adversarial perturbation. Moreover, the adversarial examples can be generated in such a way to achieve high probabilities for the predicted target class, hence making it difficult to use the prediction confidence to detect them. Our findings are proven by means of experimental results obtained on MNIST, CIFAR-10, and GTSRB classification tasks.

Zhang, B., Tondi, B., Lv, X., Barni, M. (2020). Challenging the Adversarial Robustness of DNNs Based on Error-Correcting Output Codes. SECURITY AND COMMUNICATION NETWORKS, 2020 [10.1155/2020/8882494].

Challenging the Adversarial Robustness of DNNs Based on Error-Correcting Output Codes

Tondi, Benedetta;Barni, Mauro
2020-01-01

Abstract

The existence of adversarial examples and the easiness with which they can be generated raise several security concerns with regard to deep learning systems, pushing researchers to develop suitable defence mechanisms. The use of networks adopting error-correcting output codes (ECOC) has recently been proposed to counter the creation of adversarial examples in a white-box setting. In this paper, we carry out an in-depth investigation of the adversarial robustness achieved by the ECOC approach. We do so by proposing a new adversarial attack specifically designed for multilabel classification architectures, like the ECOC-based one, and by applying two existing attacks. In contrast to previous findings, our analysis reveals that ECOC-based networks can be attacked quite easily by introducing a small adversarial perturbation. Moreover, the adversarial examples can be generated in such a way to achieve high probabilities for the predicted target class, hence making it difficult to use the prediction confidence to detect them. Our findings are proven by means of experimental results obtained on MNIST, CIFAR-10, and GTSRB classification tasks.
Zhang, B., Tondi, B., Lv, X., Barni, M. (2020). Challenging the Adversarial Robustness of DNNs Based on Error-Correcting Output Codes. SECURITY AND COMMUNICATION NETWORKS, 2020 [10.1155/2020/8882494].
File in questo prodotto:
File Dimensione Formato  
8882494.pdf

accesso aperto

Tipologia: PDF editoriale
Licenza: Creative commons
Dimensione 2.3 MB
Formato Adobe PDF
2.3 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11365/1204100