Evaluation of Defense Methods Against the One-Pixel Attack on Deep Neural Networks
Blekinge Tekniska Högskola, student.
Blekinge Tekniska Högskola, student.
Blekinge Tekniska Högskola, Faculty of Computing, Department of Computer Science. ORCID id: 0000-0002-9316-4842
2023 (English). In: 35th Annual Workshop of the Swedish Artificial Intelligence Society SAIS 2023 / [ed] Håkan Grahn, Anton Borg and Martin Boldt, Linköping University Electronic Press, 2023, pp. 49-57. Conference paper, published paper (peer-reviewed)
Abstract [en]

The one-pixel attack is an image attack method for creating adversarial instances with minimal perturbations, i.e., pixel modification. The attack method makes the adversarial instances difficult to detect as it only manipulates a single pixel in the image. In this paper, we study four different defense approaches against adversarial attacks, and more specifically the one-pixel attack, over three different models. The defense methods used are: data augmentation, spatial smoothing, and Gaussian data augmentation used during both training and testing. The empirical experiments involve the following three models: all convolutional network (CNN), network in network (NiN), and the convolutional neural network VGG16. Experiments were executed and the results show that Gaussian data augmentation performs quite poorly when applied during the prediction phase. When used during the training phase, we see a reduction in the number of instances that could be perturbed by the NiN model. However, the CNN model shows an overall significantly worse performance compared to no defense technique. Spatial smoothing shows an ability to reduce the effectiveness of the one-pixel attack, and it is on average able to defend against half of the adversarial examples. Data augmentation also shows promising results, reducing the number of successfully perturbed images for both the CNN and NiN models. However, data augmentation leads to slightly worse overall model performance for the NiN and VGG16 models. Interestingly, it significantly improves the performance for the CNN model. We conclude that the most suitable defense is dependent on the model used. For the CNN model, our results indicate that a combination of data augmentation and spatial smoothing is a suitable defense setup. For the NiN and VGG16 models, a combination of Gaussian data augmentation together with spatial smoothing is more promising. Finally, the experiments indicate that applying Gaussian noise during the prediction phase is not a workable defense against the one-pixel attack.

©2023, Copyright held by the authors

Place, publisher, year, edition, pages
Linköping University Electronic Press, 2023. pp. 49-57
Series
Linköping Electronic Conference Proceedings, ISSN 1650-3686, E-ISSN 1650-3740
Identifiers
URN: urn:nbn:se:bth-25418
DOI: 10.3384/ecp199005
ISBN: 9789180752749 (digital)
OAI: oai:DiVA.org:bth-25418
DiVA id: diva2:1800649
Conference
The 35th Swedish Artificial Intelligence Society (SAIS'23) annual workshop, Karlskrona, 12-13 June 2023
Available from: 2023-09-27 Created: 2023-09-27 Last updated: 2025-09-30 Bibliographically checked

Open Access in DiVA

Full text (454 kB)
File information
File: FULLTEXT01.pdf
File size: 454 kB
Checksum SHA-512:
60a023067dcd1ea93795da4ffdf9e93d0ffd486a1f0c08b7bc5c97ddf5566e56d3cc1056a231f48b487d1e3981edc5f7a903e7479a5c06584c7446c1a28a33c5
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text

Person

Boldt, Martin
