Defending DNN Adversarial Attacks with Pruning and Logits Augmentation

Siyue Wang, Xiao Wang, Shaokai Ye, Pu Zhao, Xue Lin
2018 IEEE Global Conference on Signal and Information Processing (GlobalSIP)
In this work, we enhance the robustness of DNNs under adversarial attacks by using pruning method and logits augmentation, therefore, we achieve both higher defense against adversarial examples and more  ...  However, recent research found that these powerful models are vulnerable to adversarial attacks, i.e., intentionally added imperceptible perturbations to DNN inputs can easily mislead the DNNs with extremely  ...  LOGITS AUGMENTATION To further improve the robustness of DNNs under adversarial attacks, we propose to use the logits augmentation on top of the pruning method.  ... 
doi:10.1109/globalsip.2018.8646578 dblp:conf/globalsip/WangWYZL18 fatcat:2eaoqm3fojginj6vie6im4kemq

You Can't Fool All The Models: Detect Adversarial Samples via Pruning Models

Renxuan Wang, Zuohui Chen, Hui Dong, Qi Xuan
2021 IEEE Access  
Many adversarial attack methods have investigated the security issue of deep learning models.  ...  Experiments show that, on average, four different pruning methods outperform the SOTA multi-model based detection method (64.15% and 73.70%) by 28.65% and 18.73% on CIFAR10 and SVHN, respectively, with  ...  [38] proposed a robustness enhancement method combined with model pruning and logits augmentation. Guo et al. [32] revealed the relationship between sparsity and robustness.  ... 
doi:10.1109/access.2021.3133334 fatcat:7majzcnjyzfu5mcaxg2a4onziy

Deep Serial Number: Computational Watermarking for DNN Intellectual Property Protection [article]

Ruixiang Tang, Mengnan Du, Xia Hu
2020 arXiv pre-print
During the distillation process, each customer DNN is augmented with a unique serial number, i.e., an encrypted 0/1 bit trigger pattern.  ...  Different from existing work that embeds identification information into DNNs, we explore a new DNN Intellectual Property Protection mechanism that can prevent adversaries from deploying the stolen deep  ...  The pruned model accuracy with SN is not changed with increasing pruning strength and the accuracy without SN increases 0.7% when pruning 40% of the model weight.  ... 
arXiv:2011.08960v1 fatcat:uxy5lqegpvb75ms5rptwqmgjre

Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs

Soheil Kolouri, Aniruddha Saha, Hamed Pirsiavash, Heiko Hoffmann
2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR)
We demonstrate the effectiveness of ULPs for detecting backdoor attacks on thousands of networks with different architectures trained on four benchmark datasets, namely the German Traffic Sign Recognition  ...  The unprecedented success of deep neural networks in many applications has made these networks a prime target for adversarial exploitation.  ...  Department of Commerce, National Institute of Standards and Technology, funding from SAP SE, and also NSF grant 1845216.  ... 
doi:10.1109/cvpr42600.2020.00038 dblp:conf/cvpr/KolouriSPH20 fatcat:yay72rpjlnf6vea5w6e7pvdesu

Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs [article]

Soheil Kolouri, Aniruddha Saha, Hamed Pirsiavash, Heiko Hoffmann
2020 arXiv pre-print
We demonstrate the effectiveness of ULPs for detecting backdoor attacks on thousands of networks with different architectures trained on four benchmark datasets, namely the German Traffic Sign Recognition  ...  The unprecedented success of deep neural networks in many applications has made these networks a prime target for adversarial exploitation.  ...  Department of Commerce, National Institute of Standards and Technology, funding from SAP SE, and also NSF grant 1845216.  ... 
arXiv:1906.10842v2 fatcat:4fblzeuuxbbxjcor44253tt2di

BreakingBED – Breaking Binary and Efficient Deep Neural Networks by Adversarial Attacks [article]

Manoj Rohit Vemparala, Alexander Frickenstein, Nael Fasfous, Lukas Frickenstein, Qi Zhao, Sabine Kuhn, Daniel Ehrhardt, Yuankai Wu, Christian Unger, Naveen Shankar Nagaraja, Walter Stechele
2021 arXiv pre-print
In this paper, we thoroughly study the robustness of uncompressed, distilled, pruned and binarized neural networks against white-box and black-box adversarial attacks (FGSM, PGD, C&W, DeepFool, LocalSearch  ...  Our analysis reveals susceptible behavior of uncompressed and pruned CNNs against all kinds of attacks.  ...  In detail, we expose vanilla full-precision, distilled, pruned and binary DNNs to a variety of adversarial attacks in Sec. 4. knowledge distillation, pruning, and binarization can potentially make CNNs  ... 
arXiv:2103.08031v1 fatcat:b3yvnuenofe3rnq5ufasmokk3e

Batch-wise Logit-Similarity: Generalizing Logit-Squeezing and Label-Smoothing

Ali Shafahi, Amin Ghiasi, Mahyar Najibi, Furong Huang, John P. Dickerson, Tom Goldstein
2019 British Machine Vision Conference  
robust as adversarially trained models on the CIFAR-10 and CIFAR-100 datasets when robustness is measured in terms of ℓ∞ attacks.  ...  Unlike conventional adversarial training, regularization methods keep training time short and become robust against ℓ2 attacks in addition to ℓ∞.  ...  White-box PGD attacks on our logit-squeezed and adversarially trained CIFAR-100 models. We use ℓ∞ attacks with ε = 8.  ... 
dblp:conf/bmvc/ShafahiGNHDG19 fatcat:2hdw7cw6bvdtbhdcxqdkcsipri

Adversarial Attacks and Defenses in Deep Learning

Kui Ren, Tianhang Zheng, Zhan Qin, Xue Liu
2020 Engineering  
In this paper, we first introduce the theoretical foundations, algorithms, and applications of adversarial attack techniques.  ...  Hence, adversarial attack and defense techniques have attracted increasing attention from both machine learning and security communities and have become a hot research topic in recent years.  ...  This strategy can be used to defend against various adversarial attacks.  ... 
doi:10.1016/j.eng.2019.12.012 fatcat:zig3ascmqjfgboauj2276wuvcy

Handcrafted Backdoors in Deep Neural Networks [article]

Sanghyun Hong, Nicholas Carlini, Alexey Kurakin
2021 arXiv pre-print
removal techniques and can evade existing defenses by slightly changing the backdoor attack configurations.  ...  This makes it difficult for a defender to identify or remove the manipulations with straightforward methods, such as statistical analysis, adding random noises to model parameters, or clipping their values  ...  We experiment with magnitude-based pruning, known as an effective pruning for making a network sparse [12, 26] .  ... 
arXiv:2106.04690v1 fatcat:vfqiwfquynfgpkkhug72fg44pe

Inspect, Understand, Overcome: A Survey of Practical Methods for AI Safety [article]

Sebastian Houben, Stephanie Abrecht, Maram Akila, Andreas Bär, Felix Brockherde, Patrick Feifel, Tim Fingscheidt, Sujan Sai Gannamaneni, Seyed Eghbal Ghobadi, Ahmed Hammam, Anselm Haselhoff, Felix Hauser (+29 others)
2021 arXiv pre-print
These shortcomings are diverse and range from a lack of generalization over insufficient interpretability to problems with malicious inputs.  ...  The use of deep neural networks (DNNs) in safety-critical applications like mobile health and autonomous driving is challenging due to numerous model-inherent shortcomings.  ...  Furthermore, this research has been funded by the Federal Ministry of Education and Research of Germany as part of the competence center for machine learning ML2R (01IS18038B).  ... 
arXiv:2104.14235v1 fatcat:f6sj3v2brza7thyzw7b7fkpo2m

Noise as a Resource for Learning in Knowledge Distillation [article]

Elahe Arani, Fahad Sarfraz, Bahram Zonooz
2020 arXiv pre-print
high performance compact adversarially robust models (Soft Randomization), and training models efficiently under label noise (Messy Collaboration).  ...  We empirically show that injecting constructive noise at different levels in the collaborative learning framework enables us to train the model effectively and distill desirable characteristics in the  ...  defend the models against these attacks [37, 60] .  ... 
arXiv:1910.05057v2 fatcat:mbhuwaytjrbkzb2nhctak3oopy

Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems [article]

Bao Gia Doan, Ehsan Abbasnejad, Damith C. Ranasinghe
2020 arXiv pre-print
We propose Februus; a new idea to neutralize highly potent and insidious Trojan attacks on Deep Neural Network (DNN) systems at run-time.  ...  We dramatically reduced attack success rates from 100% to near 0% for all cases (achieving 0% on multiple cases) and evaluated the generalizability of Februus to defend against complex adaptive attacks  ...  [22] developed a method named Fine-Pruning to disable backdoors by pruning DNNs and then fine-tuning the pruned network.  ... 
arXiv:1908.03369v7 fatcat:f3mdnyuadjc55ic2leitxnwjsm

REFIT: a Unified Watermark Removal Framework for Deep Learning Systems with Limited Data [article]

Xinyun Chen, Wenxiao Wang, Chris Bender, Yiming Ding, Ruoxi Jia, Bo Li, Dawn Song
2020 arXiv pre-print
Furthermore, we conduct a comprehensive study of a realistic attack scenario where the adversary has limited training data.  ...  Deep neural networks (DNNs) have achieved tremendous success in various fields; however, training these models from scratch could be computationally expensive and requires a lot of training data.  ...  Comparison with fine-pruning.  ... 
arXiv:1911.07205v2 fatcat:6wb5ulvtvrdvzl327p4me5cafe

Adversarial Neural Pruning with Latent Vulnerability Suppression [article]

Divyam Madaan, Jinwoo Shin, Sung Ju Hwang
2020 arXiv pre-print
We further propose a Bayesian framework to prune features with high vulnerability to reduce both vulnerability and loss on adversarial samples.  ...  We validate our Adversarial Neural Pruning with Vulnerability Suppression (ANP-VS) method on multiple benchmark datasets, on which it not only obtains state-of-the-art adversarial robustness but also improves  ...  Acknowledgements We thank the anonymous reviewers for their insightful comments and suggestions. We are also grateful to the authors of Lee et al. (2018)  ... 
arXiv:1908.04355v4 fatcat:piwkckxbi5fxrnk75vylcytt64

On the Effectiveness of Adversarial Training in Defending against Adversarial Example Attacks for Image Classification

Sanglee Park, Jungmin So
2020 Applied Sciences  
In addition, even if the defender trains a network with multiple types of adversarial examples and the attacker attacks with one of the methods, the network could lose accuracy to the attack if the attacker  ...  However, there are numerous ways of creating adversarial examples, and the defender does not know what algorithm the attacker may use.  ...  Robustness of Adversarially Trained Network with Mismatching Data Augmentation Strategy In the previous experiments, the same augmentation strategy was used by the attacker and the defender.  ... 
doi:10.3390/app10228079 fatcat:d3wtkkejircsboonftufa34oou