In the past decades, the rise of artificial intelligence has given us the capabilities to solve the most challenging problems in our day-to-day lives, such as cancer prediction and autonomous navigation. However, these applications might not be reliable if not secured against adversarial attacks. In addition, recent works demonstrated that some adversarial examples are transferable across different models. Therefore, it is crucial to avoid such transferability via robust models that resist adversarial manipulations. In this paper, we propose a feature randomization-based approach that resists eight adversarial attacks targeting deep learning models in the testing phase. Our novel approach consists of changing the training strategy in the target network classifier and selecting random feature samples. We consider an attacker under Limited-Knowledge and Semi-Knowledge conditions undertaking the most prevalent types of adversarial attacks. We evaluate the robustness of our approach using the well-known UNSW-NB15 datasets, which include realistic and synthetic attacks. Afterward, we demonstrate that our strategy outperforms existing state-of-the-art approaches, such as the Most Powerful Attack, which consists of fine-tuning the network model against specific adversarial attacks. Further, we demonstrate the practicality of our approach using the VIPPrint dataset through a comprehensive set of experiments. Finally, our experimental results show that our methodology can secure the target network and resist adversarial attack transferability by over 60%.

Nowroozi, E., Mohammadi, M., Golmohammadi, P., Mekdad, Y., Conti, M., Uluagac, S. (2024). Resisting Deep Learning Models Against Adversarial Attack Transferability via Feature Randomization. IEEE TRANSACTIONS ON SERVICES COMPUTING, 17(1), 18-29 [10.1109/tsc.2023.3329081].

Resisting Deep Learning Models Against Adversarial Attack Transferability via Feature Randomization

Nowroozi, Ehsan
2024-01-01

2024
Files in this item:
File: Resisting_Deep_Learning_Models_Against_Adversarial_Attack_Transferability_via_Feature_Randomization.pdf (not available)

Type: Publisher's PDF
License: NOT PUBLIC - Private/restricted access
Size: 2.99 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11365/1284834