Authors: Changwei Liu ; Louis DiValentin ; Aolin Ding and Malek Ben Salem

Affiliation: Accenture Cyber Labs, 1201 Wilson Blvd, Arlington, VA, U.S.A.

Keyword(s): Adversarial Example Attack, Input Transformation Ensembles, Adversarial Example Defense.

Abstract: Input transformation techniques have been proposed to defend against adversarial example attacks in image classification systems. However, recent works have shown that, although input transformations and augmentations applied to adversarial samples can prevent unsophisticated adversarial example attacks, adaptive attackers can modify their optimization functions to subvert these defenses. Previous research, especially BaRT (Raff et al., 2019), has suggested building a strong defense by stochastically combining a large number of even individually weak defenses into a single barrage of randomized transformations, which in turn raises the cost of searching the input space to levels that are not computationally feasible for adaptive attacks. While this research randomly selected input transformations with differing transformation effects to form a strong defense, a thorough evaluation against well-known state-of-the-art attacks over extensive combinations has not been performed. Therefore, it is still unclear whether employing a large barrage of randomly combined input transformations ensures a robust defense. To answer this question, we evaluated the BaRT approach using a large number (33) of input transformation techniques. Contrary to BaRT's recommendation of using five randomly combined input transformations, our findings indicate that this approach does not consistently provide a robust defense against strong attacks such as the PGD attack. As an improvement, we identify different combinations that use only three strong input transformations but can still provide a resilient defense.

CC BY-NC-ND 4.0


Paper citation in several formats:
Liu, C., DiValentin, L., Ding, A. and Ben Salem, M. (2024). Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 358-365. DOI: 10.5220/0012315500003648

@conference{icissp24,
author={Changwei Liu and Louis DiValentin and Aolin Ding and Malek {Ben Salem}},
title={Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={358-365},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012315500003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks
SN - 978-989-758-683-5
IS - 2184-4356
AU - Liu, C.
AU - DiValentin, L.
AU - Ding, A.
AU - Ben Salem, M.
PY - 2024
SP - 358
EP - 365
DO - 10.5220/0012315500003648
PB - SciTePress