Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks

Changwei Liu, Louis DiValentin, Aolin Ding, Malek Ben Salem

2024

Abstract

Input transformation techniques have been proposed to defend against adversarial example attacks in image classification systems. However, recent works have shown that, although input transformations and augmentations to adversarial samples can prevent unsophisticated adversarial example attacks, adaptive attackers can modify their optimization functions to subvert these defenses. Previous research, especially BaRT (Raff et al., 2019), has suggested building a strong defense by stochastically combining a large number of even individually weak defenses into a single barrage of randomized transformations, which subsequently increases the cost of searching the input space to levels that are not easily computationally feasible for adaptive attacks. While this research took approaches to randomly select input transformations that have different transformation effects to form a strong defense, a thorough evaluation using well-known state-of-the-art attacks with extensive combinations has not been performed. Therefore, it is still unclear whether employing a large barrage of randomly combined input transformations ensures a robust defense. To answer this question, we evaluated the BaRT work by using a large number (33) of input transformation techniques. Contrary to BaRT’s recommendation of using five randomly combined input transformations, our findings indicate that this approach does not consistently provide robust defense against strong attacks like the PGD attack. As an improvement, we identify different combinations that only use three strong input transformations but can still provide a resilient defense.
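The barrage idea described in the abstract, as an added illustration that is not code from the paper: a small pool of label-preserving transformations is sampled without replacement, applied in random order with random parameters, and a prediction is taken by majority vote over several independent draws. The five transformations, the 8x8 test image and the brightness classifier are constructed stand-ins; the paper's own pool has 33 techniques and uses real models.

```python
from collections import Counter
import numpy as np
# Label-preserving transformations on a grayscale image in [0, 1]; each takes
# (img, rng) and returns a new image. These are constructed stand-ins for illustration.
def gaussian_noise(img, rng):
    return np.clip(img + rng.normal(0.0, 0.05, img.shape), 0.0, 1.0)

def quantize(img, rng):          # colour-depth reduction to 4..16 grey levels
    levels = int(rng.integers(4, 17))
    return np.round(img * (levels - 1)) / (levels - 1)

def horizontal_flip(img, rng):
    return img[:, ::-1]

def wraparound_shift(img, rng):  # shift by up to 2 pixels on each axis
    dy, dx = (int(v) for v in rng.integers(-2, 3, size=2))
    return np.roll(img, (dy, dx), axis=(0, 1))

def box_blur(img, rng):          # 3x3 mean filter with edge padding
    p = np.pad(img, 1, mode="edge")
    h, w = img.shape
    return sum(p[i:i + h, j:j + w] for i in range(3) for j in range(3)) / 9.0
TRANSFORMS = {"noise": gaussian_noise, "quantize": quantize,
              "flip": horizontal_flip, "shift": wraparound_shift, "blur": box_blur}

def barrage(img, k, rng=None):
    """Apply k distinct transformations, chosen and ordered at random."""
    rng = np.random.default_rng(rng)            # accepts None, a seed, or a Generator
    names = [str(n) for n in rng.choice(list(TRANSFORMS), size=k, replace=False)]
    out = img
    for name in names:
        out = TRANSFORMS[name](out, rng)        # each step draws its own parameters
    return out, names

def randomized_predict(model, img, k, draws, seed):
    """Majority vote over `draws` independent barrages of k transformations."""
    rng = np.random.default_rng(seed)
    votes = Counter(model(barrage(img, k, rng)[0]) for _ in range(draws))
    return votes.most_common(1)[0][0]

def sample_image():
    """Constructed 8x8 bright test image (not from the paper's data)."""
    return np.full((8, 8), 0.8)

def brightness_model(img):
    """Toy stand-in classifier: class 1 if the image is mostly bright."""
    return int(img.mean() > 0.5)
```

Because every draw re-samples both the subset and the parameters, an attacker optimizing against this defense must do so in expectation over the random choices rather than against one fixed pipeline, which is the cost increase the abstract refers to.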


Paper Citation


in Harvard Style

Liu C., DiValentin L., Ding A. and Ben Salem M. (2024). Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 358-365. DOI: 10.5220/0012315500003648


in Bibtex Style

@conference{icissp24,
author={Changwei Liu and Louis DiValentin and Aolin Ding and Malek Ben Salem},
title={Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={358-365},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012315500003648},
isbn={978-989-758-683-5},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Build a Computationally Efficient Strong Defense Against Adversarial Example Attacks
SN - 978-989-758-683-5
AU - Liu C.
AU - DiValentin L.
AU - Ding A.
AU - Ben Salem M.
PY - 2024
SP - 358
EP - 365
DO - 10.5220/0012315500003648
PB - SciTePress