Quality Criteria and Method of Synthesis for Adversarial Attack-Resistant Classifiers

Gurina, Anastasiya; Елисеев, В. Л.

doi:10.3390/make4020024

Cited by 2 publications

(1 citation statement)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The primary objective of the adversarial attacks is to take into account the model's vulnerabilities and craft adversarial input to fool the DNN model into producing incorrect results [5][6][7][8]. Various adversarial attack strategies have recently been proposed to fool the DNN model into producing incorrect results in different application domains [9][10][11][12][13][14].…”

Section: Introductionmentioning

confidence: 99%

Reconstruction-Based Adversarial Attack Detection in Vision-Based Autonomous Driving Systems

Hussain,

Hong

2023

MAKE

View full text Add to dashboard Cite

The perception system is a safety-critical component that directly impacts the overall safety of autonomous driving systems (ADSs). It is imperative to ensure the robustness of the deep-learning model used in the perception system. However, studies have shown that these models are highly vulnerable to the adversarial perturbation of input data. The existing works mainly focused on studying the impact of these adversarial attacks on classification rather than regression models. Therefore, this paper first introduces two generalized methods for perturbation-based attacks: (1) We used naturally occurring noises to create perturbations in the input data. (2) We introduce a modified square, HopSkipJump, and decision-based/boundary attack to attack the regression models used in ADSs. Then, we propose a deep-autoencoder-based adversarial attack detector. In addition to offline evaluation metrics (e.g., F1 score and precision, etc.), we introduce an online evaluation framework to evaluate the robustness of the model under attack. The framework considers the reconstruction loss of the deep autoencoder that validates the robustness of the models under attack in an end-to-end fashion at runtime. Our experimental results showed that the proposed adversarial attack detector could detect square, HopSkipJump, and decision-based/boundary attacks with a true positive rate (TPR) of 93%.

show abstract