TY - GEN

T1 - Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

AU - Almeida Soares, Eduardo

AU - Angelov, Plamen

AU - Suri, Neeraj

PY - 2023/1/30

Y1 - 2023/1/30

N2 - Deep neural networks (DNN’s) have become essential for solving diverse complex problems and have achieved considerable success in tackling computer vision tasks. How-ever, DNN’s are vulnerable to human-imperceptible adversarial distortion/noise patterns that that can detrimentally impact safety-critical applications such as autonomous driving. In this paper, we introduce a novel robust-by-design deep learn-ing approach, Sim-DNN, that is able to detect adversarial attacks through its inner defense mechanism that considers the degree of similarity between new data samples and autonomously chosen prototypes. The approach benefits from the abrupt drop of the similarity score to detect concept changes caused by distorted/noise data when comparing their similarities against the set of prototypes. Due to the feed-forward prototype-based architecture of Sim-DNN, no re-training or adversarial training is required. In order to evaluate the robustness of the proposed method, we considered the recently introduced ImageNet-R dataset and different adversarial attack methods such as FGSM, PGD, and DDN. Different DNN’s methods were also considered in the analysis. Results have shown that the proposed Sim-DNN is able to detect adversarial attacks with better performance than its mainstream competitors. Moreover, as no adversarial training is required by Sim-DNN, its performance on clean and robust images is more stable than its competitors which require an external defense mechanism to improve their robustness.

AB - Deep neural networks (DNN’s) have become essential for solving diverse complex problems and have achieved considerable success in tackling computer vision tasks. How-ever, DNN’s are vulnerable to human-imperceptible adversarial distortion/noise patterns that that can detrimentally impact safety-critical applications such as autonomous driving. In this paper, we introduce a novel robust-by-design deep learn-ing approach, Sim-DNN, that is able to detect adversarial attacks through its inner defense mechanism that considers the degree of similarity between new data samples and autonomously chosen prototypes. The approach benefits from the abrupt drop of the similarity score to detect concept changes caused by distorted/noise data when comparing their similarities against the set of prototypes. Due to the feed-forward prototype-based architecture of Sim-DNN, no re-training or adversarial training is required. In order to evaluate the robustness of the proposed method, we considered the recently introduced ImageNet-R dataset and different adversarial attack methods such as FGSM, PGD, and DDN. Different DNN’s methods were also considered in the analysis. Results have shown that the proposed Sim-DNN is able to detect adversarial attacks with better performance than its mainstream competitors. Moreover, as no adversarial training is required by Sim-DNN, its performance on clean and robust images is more stable than its competitors which require an external defense mechanism to improve their robustness.

KW - adversarial attacks

U2 - 10.1109/SSCI51031.2022.10022016

DO - 10.1109/SSCI51031.2022.10022016

M3 - Conference contribution/Paper

T3 - Proceedings of the 2022 IEEE Symposium Series on Computational Intelligence, SSCI 2022

SP - 1028

EP - 1035

BT - Proceedings of the 2022 IEEE Symposium Series on Computational Intelligence, SSCI 2022

A2 - Ishibuchi, Hisao

A2 - Kwoh, Chee-Keong

A2 - Tan, Ah-Hwee

A2 - Srinivasan, Dipti

A2 - Miao, Chunyan

A2 - Trivedi, Anupam

A2 - Crockett, Keeley

PB - IEEE

ER -