Image Transformation can make Neural Networks more robust against Adversarial Examples

Thang, Dang Duy; Matsui, Toshihiro

doi:10.48550/arxiv.1901.03037

Cited by 2 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Detection mechanisms have also been extensively explored, ranging from using modular redundancies (e.g., input transformation [10], [24], [67], multiple models [57], and weights randomization [18], [73]), to cascading a dedicated DNN to detect adversaries [43], [42], [21], [45]. Wang et al [71] proposes to spatially share the DNN accelerator resources between the original network and the detection network.…”

Section: Related Work and Discussionmentioning

confidence: 99%

“…5.47 = 2.0 x 0.7 + 1.4 x 0.9 + 1.5 x 0.8 + 1.0 x 0.9 + …… 2.0 x 0.7 + 1.4 x 0.9 + 1.5 x 0.8 > 0.6 x 5.47, assuming θ = 0.6 Another class of defenses uses redundancies to defend against adversarial attacks [67], [57], similar to the multi-module redundancy used in classic fault-tolerant systems [62]. This scheme, however, introduces high overhead, limiting its applicability at inference time.…”

Section: Legitimate Sample Adversarial Sample Perturbationmentioning

confidence: 99%

“…2 shows one such example, where the two slightly different images are both perceived as stop signs to human eyes, but the second image is mispredicted by a DNN model as a yield sign. The perturbations could be the result of carefully engineered attacks, but could also be an artifact of normal data acquisition such as noisy sensor capturing and image compression/resizing [67].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Ptolemy: Architecture Support for Robust Deep Learning

Gan

Qiu

Leng

et al. 2020

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

View full text Add to dashboard Cite

Deep learning is vulnerable to adversarial attacks, where carefully-crafted input perturbations could mislead a well-trained Deep Neural Network (DNN) to produce incorrect results. Adversarial attacks jeopardize the safety, security, and privacy of DNN-enabled systems. Today's countermeasures to adversarial attacks either do not have the capability to detect adversarial samples at inference-time, or introduce prohibitively high overhead to be practical at inference-time.We propose Ptolemy, an algorithm-architecture co-designed system that detects adversarial attacks at inference time with low overhead and high accuracy. We exploit the synergies between DNN inference and imperative program execution: an input to a DNN uniquely activates a set of neurons that contribute significantly to the inference output, analogous to the sequence of basic blocks exercised by an input in a conventional program. Critically, we observe that adversarial samples tend to activate distinctive paths from those of benign inputs. Leveraging this insight, we propose an adversarial sample detection framework, which uses canary paths generated from offline profiling to detect adversarial samples at runtime. The Ptolemy compiler along with the co-designed hardware enable efficient execution by exploiting the unique algorithmic characteristics. Extensive evaluations show that Ptolemy achieves higher or similar adversarial sample detection accuracy than today's mechanisms with a much lower (as low as 2%) runtime overhead.

show abstract

Section: Related Work and Discussionmentioning

confidence: 99%

Section: Legitimate Sample Adversarial Sample Perturbationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Ptolemy: Architecture Support for Robust Deep Learning

Gan

Qiu

Leng

et al. 2020

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

View full text Add to dashboard Cite

show abstract

A.I. Robustness: a Human-Centered Perspective on Technological Challenges and Opportunities

Tocchetti,

Corti,

Balayn

et al. 2024

ACM Comput. Surv.

View full text Add to dashboard Cite

Despite the impressive performance of Artificial Intelligence (AI) systems, their robustness remains elusive and constitutes a key issue that impedes large-scale adoption. Besides, robustness is interpreted differently across domains and contexts of AI. In this work, we systematically survey recent progress to provide a reconciled terminology of concepts around AI robustness. We introduce three taxonomies to organize and describe the literature both from a fundamental and applied point of view: 1) methods and approaches that address robustness in different phases of the machine learning pipeline; 2) methods improving robustness in specific model architectures, tasks, and systems; and in addition, 3) methodologies and insights around evaluating the robustness of AI systems, particularly the trade-offs with other trustworthiness properties. Finally, we identify and discuss research gaps and opportunities and give an outlook on the field. We highlight the central role of humans in evaluating and enhancing AI robustness, considering the necessary knowledge they can provide, and discuss the need for better understanding practices and developing supportive tools in the future.

show abstract

Image Transformation can make Neural Networks more robust against Adversarial Examples

Cited by 2 publications

References 0 publications

Ptolemy: Architecture Support for Robust Deep Learning

Ptolemy: Architecture Support for Robust Deep Learning

A.I. Robustness: a Human-Centered Perspective on Technological Challenges and Opportunities

Contact Info

Product

Resources

About