Defending Adversarial Attacks via Semantic Feature Manipulation
Authors
Abstract
Machine learning models have demonstrated vulnerability to adversarial attacks, more specifically misclassification of adversarial examples. In this article, we propose a one-off and attack-agnostic Feature Manipulation (FM)-Defense to detect and purify adversarial examples in an interpretable and efficient manner. The intuition is that the classification result of a normal image is generally resistant to non-significant intrinsic feature changes, e.g., varying the thickness of handwritten digits. In contrast, adversarial examples are sensitive to such changes since the perturbation lacks transferability. To enable manipulation of features, a Combo-variational autoencoder is applied to learn disentangled latent codes that reveal semantic features. The resistance to change over morphs, derived by reconstructing the latent codes, is used to detect suspicious inputs. Furthermore, the Combo-VAE is enhanced to provide good-quality reconstruction by considering class-shared and class-unique features. We empirically demonstrate the effectiveness of detection and the quality of purified instances. Our experiments on three datasets show that FM-Defense can detect nearly 100 percent of adversarial examples produced by different state-of-the-art attacks. It achieves more than 99 percent overall purification accuracy on adversarial instances close to the manifold of clean examples.
Similar resources
Defending Non-Bayesian Learning against Adversarial Attacks
Abstract This paper addresses the problem of non-Bayesian learning over multi-agent networks, where agents repeatedly collect partially informative observations about an unknown state of the world, and try to collaboratively learn the true state. We focus on the impact of the adversarial agents on the performance of consensus-based non-Bayesian learning, where non-faulty agents combine local le...
SATYA : Defending Against Adversarial Attacks Using Statistical Hypothesis Testing
The paper presents a new defense against adversarial attacks for deep neural networks. We demonstrate the effectiveness of our approach against the popular adversarial image generation method DeepFool. Our approach uses Wald’s Sequential Probability Ratio Test to sufficiently sample a carefully chosen neighborhood around an input image to determine the correct label of the image. On a benchmark...
On the Robustness of Semantic Segmentation Models to Adversarial Attacks
Deep Neural Networks (DNNs) have been demonstrated to perform exceptionally well on most recognition tasks such as image classification and segmentation. However, they have also been shown to be vulnerable to adversarial examples. This phenomenon has recently attracted a lot of attention but it has not been extensively studied on multiple, large-scale datasets and complex tasks such as semantic...
Defending BitTorrent against Strategic Attacks
BitTorrent has shown to be efficient for bulk file transfer, however, it is susceptible to free riding by strategic clients like BitTyrant. Strategic peers configure the client software such that for very less or no contribution, they can obtain good download speeds. Such strategic nodes exploit the altruism in the swarm and consume resources at the expense of other honest nodes and create an u...
Defending RFID authentication protocols against DoS attacks
In this paper, we present a security weakness of a forward secure authentication protocol proposed by Tri Van Le et al. called O-FRAP which stands for Optimistic Forward secure RFID Authentication Protocol. In particular, we point out that in the O-FRAP protocol, the server can be subject to a denial-of-service attack due to a flaw in the database querying procedure. Our attack also applies to ...
Journal
Journal title: IEEE Transactions on Services Computing
Year: 2022
ISSN: ['1939-1374', '2372-0204']
DOI: https://doi.org/10.1109/tsc.2021.3090365