Adversarial Deep Learning: A Survey on Adversarial Attacks and Defense Mechanisms on Image Classification

Khamaiseh, Samer; Bagagem, Derek; Al-Alaj, Abdullah; Mancino, Mathew; Alomari, Hakam W.

doi:10.1109/access.2022.3208131

Cited by 30 publications

(12 citation statements)

References 107 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We cannot completely remove a trained model's vulnerabilities by applying a state-of-the-art method of model development. For example, despite many studies on adversarial examples [50][51][52][53][54][55], no machine learning algorithm is known to produce models that behave correctly for all adversarial examples (Section 6.6).…”

Section: Security Controls At the System Level In The Presence Of Vul...mentioning

confidence: 99%

See 1 more Smart Citation

Threats, Vulnerabilities, and Controls of Machine Learning Based Systems: A Survey and Taxonomy

Kawamoto¹,

Miyake²,

Konishi³

et al. 2023

Preprint

View full text Add to dashboard Cite

In this article, we propose the Artificial Intelligence Security Taxonomy to systematize the knowledge of threats, vulnerabilities, and security controls of machine-learning-based (ML-based) systems. We first classify the damage caused by attacks against ML-based systems, define ML-specific security, and discuss its characteristics. Next, we enumerate all relevant assets and stakeholders and provide a general taxonomy for ML-specific threats. Then, we collect a wide range of security controls against ML-specific threats through an extensive review of recent literature. Finally, we classify the vulnerabilities and controls of an ML-based system in terms of each vulnerable asset in the system's entire lifecycle.

show abstract

Section: Security Controls At the System Level In The Presence Of Vul...mentioning

confidence: 99%

“…Survey literature. For technical details of attacks and defenses, see previous papers, e.g., [50][51][52][53][54][55].…”

Section: Vulnerabilities and Security Controlsmentioning

confidence: 99%

Threats, Vulnerabilities, and Controls of Machine Learning Based Systems: A Survey and Taxonomy

Kawamoto¹,

Miyake²,

Konishi³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…In recent years, the vulnerability of deep neural networks (DNNs) to adversarial attacks has sparked significant interest, leading to a growing body of research focused on interpreting adversarial attacks (Han et al, 2023) and devising defense and detection mechanisms (Khamaiseh et al, 2022). Various proposed methods include augmenting input images to enhance robustness against adversarial attacks (Frosio and Kautz, 2023), mapping adversarial images back to the clean distribution (Li et al, 2023), and using vector quantization (Dong and Mao, 2023).…”

Section: Related Work Adversarial Defensementioning

confidence: 99%

Leveraging linear mapping for model-agnostic adversarial defense

Jamil,

Liu,

Blanchard

et al. 2023

Front. Comput. Sci.

View full text Add to dashboard Cite

In the ever-evolving landscape of deep learning, novel designs of neural network architectures have been thought to drive progress by enhancing embedded representations. However, recent findings reveal that the embedded representations of various state-of-the-art models are mappable to one another via a simple linear map, thus challenging the notion that architectural variations are meaningfully distinctive. While these linear maps have been established for traditional non-adversarial datasets, e.g., ImageNet, to our knowledge no work has explored the linear relation between adversarial image representations of these datasets generated by different CNNs. Accurately mapping adversarial images signals the feasibility of generalizing an adversarial defense optimized for a specific network. In this work, we demonstrate the existence of a linear mapping of adversarial inputs between different models that can be exploited to develop such model-agnostic, generalized adversarial defense. We further propose an experimental setup designed to underscore the concept of this model-agnostic defense. We train a linear classifier using both adversarial and non-adversarial embeddings within the defended space. Subsequently, we assess its performance using adversarial embeddings from other models that are mapped to this space. Our approach achieves an AUROC of up to 0.99 for both CIFAR-10 and ImageNet datasets.

show abstract

“…These bugs, often termed as "model bugs" in the context of CNNs, can manifest in various forms, including structural bugs and training bugs [5]. Not surprisingly, the implications of such bugs can be severe, ranging from financial losses to amplified safety concerns [6], [7].…”

Section: Introductionmentioning

confidence: 99%

DeepCNN: A Dual Approach to Fault Localization and Repair in Convolutional Neural Networks

Wardat,

Al-Alaj

2024

IEEE Access

Self Cite

View full text Add to dashboard Cite

Deep learning models, particularly Convolutional Neural Networks (CNNs), play a pivotal role in intelligent software. However, like any software application, CNN-based applications are susceptible to bugs. Bug-fix patterns in CNN differ from traditional techniques, primarily due to their inherent blackbox nature. Moreover, current methods, although tailored for generic DNN structures, are time consuming, require specialized expertise, and are not directly applicable to the unique structure and requirements of CNNs. To address these issues, we propose DeepCNN, an innovative automated tool to identify the root causes of CNN faults and autonomously fix prevalent training faults that impact the performance and efficiency of CNN programs. DeepCNN, a data-driven tool, employs a transformer encoder model to abstract token-level CNN code, enabling it to effectively detect and fix bugs in real-world CNN models. Beyond mere identification, DeepCNN offers automated solutions for repairing CNN hyperparameter misconfigurations using an optimization solver. Additionally, by analyzing data dependencies and employing a search algorithm, it determines the most optimal hyperparameter values for the problematic models, ultimately generating patch fixes. Through rigorous evaluation on 36 diverse buggy models, DeepCNN outperformed existing methods in fault localization and repair, showing a robustness in identifying potential problems with a 90% detection rate. Among these problematic models, it manages to repair 90% of them -resulting in a 30% average accuracy boost.

show abstract

Adversarial Deep Learning: A Survey on Adversarial Attacks and Defense Mechanisms on Image Classification

Cited by 30 publications

References 107 publications

Threats, Vulnerabilities, and Controls of Machine Learning Based Systems: A Survey and Taxonomy

Threats, Vulnerabilities, and Controls of Machine Learning Based Systems: A Survey and Taxonomy

Leveraging linear mapping for model-agnostic adversarial defense

DeepCNN: A Dual Approach to Fault Localization and Repair in Convolutional Neural Networks

Contact Info

Product

Resources

About