Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks

Almeida Soares, Eduardo and Angelov, Plamen and Suri, Neeraj (2023) Similarity-based Deep Neural Network to Detect Imperceptible Adversarial Attacks. In: Proceedings of the 2022 IEEE Symposium Series on Computational Intelligence, SSCI 2022. IEEE, pp. 1028-1035. ISBN 9781665487689

Similarity_based_Deep_Neural_Network_5_.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Abstract

Deep neural networks (DNNs) have become essential for solving diverse complex problems and have achieved considerable success in tackling computer vision tasks. However, DNNs are vulnerable to human-imperceptible adversarial distortion/noise patterns that can detrimentally impact safety-critical applications such as autonomous driving. In this paper, we introduce a novel robust-by-design deep learning approach, Sim-DNN, that is able to detect adversarial attacks through its inner defense mechanism that considers the degree of similarity between new data samples and autonomously chosen prototypes. The approach benefits from the abrupt drop of the similarity score to detect concept changes caused by distorted/noisy data when comparing their similarities against the set of prototypes. Due to the feed-forward prototype-based architecture of Sim-DNN, no re-training or adversarial training is required. In order to evaluate the robustness of the proposed method, we considered the recently introduced ImageNet-R dataset and different adversarial attack methods such as FGSM, PGD, and DDN. Different DNN methods were also considered in the analysis. Results have shown that the proposed Sim-DNN is able to detect adversarial attacks with better performance than its mainstream competitors. Moreover, as no adversarial training is required by Sim-DNN, its performance on clean and robust images is more stable than that of its competitors, which require an external defense mechanism to improve their robustness.

Item Type:
Contribution in Book/Report/Proceedings
Subjects:
adversarial attacks
ID Code:
180709
Deposited By:
Deposited On:
03 Dec 2022 10:30
Refereed?:
Yes
Published?:
Published
Last Modified:
14 Apr 2024 23:38