Combatting Adversarial Attacks through Denoising and Dimensionality Reduction: A Cascaded Autoencoder Approach

Sahay, Rajeev; Mahfuz, Rehana; Gamal, Aly El

doi:10.1109/ciss.2019.8692918

Cited by 25 publications

(23 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…These autoencoders are specifically designed to compress data effectively and reduce dimensions. Hence, it may not be wholly generalized, and training with corrupted data requires a lot of adjustments to get better test results [33]. Their model provide that when test data is preprocessed using this cascading, the tested deep neural network classifier provides much higher accuracy, thus mitigating the effect of the adversarial perturbation.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Generative Model based Adversarial Security of Deep Learning and Linear Classifier Models

Sivaslioglu

Çatak

ŞAHİNBAŞ

2021

IJCAI

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

“…Combatting Adversarial Attacks through Denoising and Dimensionality Reduction: A Cascaded Autoencoder Approach [33] They have used an autoencoder to denoise the test data which is trained with both corrupted and normal data. Then they reduce the dimension of the denoised data.…”

Section: White Box Attacksmentioning

confidence: 99%

A Generative Model based Adversarial Security of Deep Learning and Linear Classifier Models

Sivaslioglu

Çatak

ŞAHİNBAŞ

2021

IJCAI

View full text Add to dashboard Cite

“…One such use of convolutional auto-encoders to purify AEs has been described in [8]. As shown by [16] dimensionality reduction using an autoencoder is also an effective defense against adversarial attacks. The method uses autoencoder to perform denoising of FGSM attack on MNIST dataset.…”

Section: Denoising Of Adversarial Examplesmentioning

confidence: 99%

Frequency Centric Defense Mechanisms against Adversarial Examples

Shah

Raval

Khakhi

et al. 2021

Proceedings of the 1st International Workshop on Adversarial Learning for Multimedia

View full text Add to dashboard Cite

Adversarial example (AE) aims at fooling a Convolution NeuralNetwork by introducing small perturbations in the input image. The proposed work uses the magnitude and phase of the Fourier Spectrum and the entropy of the image to defend against AE. We demonstrate the defense in two ways: by training an adversarial detector and denoising the adversarial effect. Experiments were conducted on the low-resolution CIFAR-10 and high-resolution ImageNet datasets. The adversarial detector has 99% accuracy for FGSM and PGD attacks on the CIFAR-10 dataset. However, the detection accuracy falls to 50% for sophisticated DeepFool and Carlini & Wagner attacks on ImageNet. We overcome the limitation by using autoencoder and show that 70% of AEs are correctly classified after denoising. CCS CONCEPTS• Computing methodologies → Computer vision; Object recognition.

show abstract

“…Often, these methods are, without modification, employed to mitigate attacks generated using a disparate classifier's gradient with less success than in the case where the attack is based on the victim classifier's gradient [2]. For example, defenses based on Principal Components Analysis (PCA) [3], autoencoder-based dimensionality reduction [4], [5], and denoising autoencoders [5] suffer a severe degradation of performance in architecture mismatch settings. Recent work has proposed training multiple DAEs (for filtering instead of dimensionality reduction) and randomly selecting one as a defense at test time [6].…”

Section: Introductionmentioning

confidence: 99%

Ensemble Noise Simulation to Handle Uncertainty about Gradient-based Adversarial Attacks

Mahfuz,

Sahay,

Gamal

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Gradient-based adversarial attacks on neural networks can be crafted in a variety of ways by varying either how the attack algorithm relies on the gradient, the network architecture used for crafting the attack, or both. Most recent work has focused on defending classifiers in a case where there is no uncertainty about the attacker's behavior (i.e., the attacker is expected to generate a specific attack using a specific network architecture). However, if the attacker is not guaranteed to behave in a certain way, the literature lacks methods in devising a strategic defense. We fill this gap by simulating the attacker's noisy perturbation using a variety of attack algorithms based on gradients of various classifiers. We perform our analysis using a pre-processing Denoising Autoencoder (DAE) defense that is trained with the simulated noise. We demonstrate significant improvements in post-attack accuracy, using our proposed ensemble-trained defense, compared to a situation where no effort is made to handle uncertainty.

show abstract

Combatting Adversarial Attacks through Denoising and Dimensionality Reduction: A Cascaded Autoencoder Approach

Cited by 25 publications

References 10 publications

A Generative Model based Adversarial Security of Deep Learning and Linear Classifier Models

A Generative Model based Adversarial Security of Deep Learning and Linear Classifier Models

Frequency Centric Defense Mechanisms against Adversarial Examples

Ensemble Noise Simulation to Handle Uncertainty about Gradient-based Adversarial Attacks

Contact Info

Product

Resources

About