Evaluation of Defense Methods Against the One-Pixel Attack on Deep Neural Networks
Blekinge Tekniska Högskola. Student.
Blekinge Tekniska Högskola. Student.
Blekinge Tekniska Högskola, Faculty of Computer Sciences, Department of Computer Science. ORCID iD: 0000-0002-9316-4842
2023 (English). In: 35th Annual Workshop of the Swedish Artificial Intelligence Society SAIS 2023 / [ed] Håkan Grahn, Anton Borg and Martin Boldt, Linköping University Electronic Press, 2023, pp. 49-57. Conference paper, published paper (peer reviewed).
Abstract [en]

The one-pixel attack is an image attack method for creating adversarial instances with minimal perturbations, i.e., pixel modification. The attack method makes the adversarial instances difficult to detect as it only manipulates a single pixel in the image. In this paper, we study four different defense approaches against adversarial attacks, and more specifically the one-pixel attack, over three different models. The defense methods used are: data augmentation, spatial smoothing, and Gaussian data augmentation used during both training and testing. The empirical experiments involve the following three models: all convolutional network (CNN), network in network (NiN), and the convolutional neural network VGG16. Experiments were executed and the results show that Gaussian data augmentation performs quite poorly when applied during the prediction phase. When used during the training phase, we see a reduction in the number of instances that could be perturbed by the NiN model. However, the CNN model shows an overall significantly worse performance compared to no defense technique. Spatial smoothing shows an ability to reduce the effectiveness of the one-pixel attack, and it is on average able to defend against half of the adversarial examples. Data augmentation also shows promising results, reducing the number of successfully perturbed images for both the CNN and NiN models. However, data augmentation leads to slightly worse overall model performance for the NiN and VGG16 models. Interestingly, it significantly improves the performance for the CNN model. We conclude that the most suitable defense is dependent on the model used. For the CNN model, our results indicate that a combination of data augmentation and spatial smoothing is a suitable defense setup. For the NiN and VGG16 models, a combination of Gaussian data augmentation together with spatial smoothing is more promising. Finally, the experiments indicate that applying Gaussian noise during the prediction phase is not a workable defense against the one-pixel attack.

©2023, Copyright held by the authors

Place, publisher, year, edition, pages
Linköping University Electronic Press, 2023. pp. 49-57
Series
Linköping Electronic Conference Proceedings, ISSN 1650-3686, E-ISSN 1650-3740
National subject category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-25418
DOI: 10.3384/ecp199005
ISBN: 9789180752749 (digital)
OAI: oai:DiVA.org:bth-25418
DiVA id: diva2:1800649
Conference
The 35th Swedish Artificial Intelligence Society (SAIS'23) annual workshop, Karlskrona, 12-13 June 2023
Available from: 2023-09-27. Created: 2023-09-27. Last updated: 2025-09-30. Bibliographically reviewed.

Open Access in DiVA

Full text (454 kB), 150 downloads
File information
File name: FULLTEXT01.pdf
File size: 454 kB
Checksum (SHA-512): 60a023067dcd1ea93795da4ffdf9e93d0ffd486a1f0c08b7bc5c97ddf5566e56d3cc1056a231f48b487d1e3981edc5f7a903e7479a5c06584c7446c1a28a33c5
Type: full text
MIME type: application/pdf

Author

Boldt, Martin
