TY - GEN
T1 - A detect-and-modify region-based classifier to defend evasion attacks
AU - Jiang, Jiawei
AU - Zhao, Yongxin
AU - Wu, Xi
AU - Gou, Genwang
N1 - Publisher Copyright:
© 2020 Knowledge Systems Institute Graduate School. All rights reserved.
PY - 2020
Y1 - 2020
N2 - Deep Neural Networks (DNNs) are powerful models that have achieved impressive results on image classification. However, they are vulnerable to adversarial examples, which are crafted to cause prediction errors in DNNs. To make networks more robust and reliable, in this paper we present an improved region-based classification to mitigate the evasion attack, which is well known to attack DNNs by generating adversarial examples. Specifically, in our framework an image is considered as a matrix of Markov Chains, and we detect possible adversarial examples according to the Image Transition Probabilities (ITPs) in the Markov Chains. Furthermore, we modify the original ITPs of the detected adversarial examples by using the saliency map of the ITPs, and we employ our improved region-based classification on these updated adversarial examples to obtain a better output prediction. Finally, our experiments illustrate that our approach reduces the test errors imposed by adversarial examples on the MNIST and CIFAR-10 datasets.
AB - Deep Neural Networks (DNNs) are powerful models that have achieved impressive results on image classification. However, they are vulnerable to adversarial examples, which are crafted to cause prediction errors in DNNs. To make networks more robust and reliable, in this paper we present an improved region-based classification to mitigate the evasion attack, which is well known to attack DNNs by generating adversarial examples. Specifically, in our framework an image is considered as a matrix of Markov Chains, and we detect possible adversarial examples according to the Image Transition Probabilities (ITPs) in the Markov Chains. Furthermore, we modify the original ITPs of the detected adversarial examples by using the saliency map of the ITPs, and we employ our improved region-based classification on these updated adversarial examples to obtain a better output prediction. Finally, our experiments illustrate that our approach reduces the test errors imposed by adversarial examples on the MNIST and CIFAR-10 datasets.
UR - https://www.scopus.com/pages/publications/85090506683
U2 - 10.18293/SEKE2020-039
DO - 10.18293/SEKE2020-039
M3 - Conference contribution
AN - SCOPUS:85090506683
T3 - Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE
SP - 19
EP - 24
BT - SEKE 2020 - Proceedings of the 32nd International Conference on Software Engineering and Knowledge Engineering
PB - Knowledge Systems Institute Graduate School
T2 - 32nd International Conference on Software Engineering and Knowledge Engineering, SEKE 2020
Y2 - 9 July 2020 through 19 July 2020
ER -