Adversarial Example Defense via Perturbation Grading Strategy

Shaowei Zhu; Wanli Lyu; Bin Li; Zhaoxia Yin; Bin Luo

doi:10.1007/978-981-99-0856-1_30

Adversarial Example Defense via Perturbation Grading Strategy

Shaowei Zhu, Wanli Lyu, Bin Li, Zhaoxia Yin, Bin Luo

School of Communication and Electronic Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Deep Neural Networks have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples, which have tiny perturbations and greatly mislead the correct judgment of DNNs. Furthermore, even if malicious attackers cannot obtain all the underlying model parameters, they can use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations but have limited defense effects for adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the perturbations on the input examples. Experimental results show that the proposed method effectively improves defense performance. In addition, the proposed method does not modify any task model, which can be used as a preprocessing module, which significantly reduces the deployment cost in practical applications.

Original language	English
Title of host publication	Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers
Editors	Guangtao Zhai, Jun Zhou, Hua Yang, Xiaokang Yang, Jia Wang, Ping An
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	407-420
Number of pages	14
ISBN (Print)	9789819908554
DOIs	https://doi.org/10.1007/978-981-99-0856-1_30
State	Published - 2023
Event	9th International Forum on Digital Multimedia Communication, IFTC 2022 - Shanghai, China Duration: 9 Dec 2022 → 9 Dec 2022

Publication series

Name	Communications in Computer and Information Science
Volume	1766 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	9th International Forum on Digital Multimedia Communication, IFTC 2022
Country/Territory	China
City	Shanghai
Period	9/12/22 → 9/12/22

Keywords

Adversarial defense
Adversarial examples
Deep Neural Network
Image denoising
JPEG compression

Access to Document

10.1007/978-981-99-0856-1_30

Cite this

Zhu, S., Lyu, W., Li, B., Yin, Z., & Luo, B. (2023). Adversarial Example Defense via Perturbation Grading Strategy. In G. Zhai, J. Zhou, H. Yang, X. Yang, J. Wang, & P. An (Eds.), Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers (pp. 407-420). (Communications in Computer and Information Science; Vol. 1766 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-99-0856-1_30

Zhu, Shaowei ; Lyu, Wanli ; Li, Bin et al. / Adversarial Example Defense via Perturbation Grading Strategy. Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers. editor / Guangtao Zhai ; Jun Zhou ; Hua Yang ; Xiaokang Yang ; Jia Wang ; Ping An. Springer Science and Business Media Deutschland GmbH, 2023. pp. 407-420 (Communications in Computer and Information Science).

@inproceedings{b0b3175033ad49909d610f42517d9652,

title = "Adversarial Example Defense via Perturbation Grading Strategy",

abstract = "Deep Neural Networks have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples, which have tiny perturbations and greatly mislead the correct judgment of DNNs. Furthermore, even if malicious attackers cannot obtain all the underlying model parameters, they can use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations but have limited defense effects for adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the perturbations on the input examples. Experimental results show that the proposed method effectively improves defense performance. In addition, the proposed method does not modify any task model, which can be used as a preprocessing module, which significantly reduces the deployment cost in practical applications.",

keywords = "Adversarial defense, Adversarial examples, Deep Neural Network, Image denoising, JPEG compression",

author = "Shaowei Zhu and Wanli Lyu and Bin Li and Zhaoxia Yin and Bin Luo",

note = "Publisher Copyright: {\textcopyright} 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.; 9th International Forum on Digital Multimedia Communication, IFTC 2022 ; Conference date: 09-12-2022 Through 09-12-2022",

year = "2023",

doi = "10.1007/978-981-99-0856-1\_30",

language = "英语",

isbn = "9789819908554",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "407--420",

editor = "Guangtao Zhai and Jun Zhou and Hua Yang and Xiaokang Yang and Jia Wang and Ping An",

booktitle = "Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers",

address = "德国",

}

Zhu, S, Lyu, W, Li, B, Yin, Z & Luo, B 2023, Adversarial Example Defense via Perturbation Grading Strategy. in G Zhai, J Zhou, H Yang, X Yang, J Wang & P An (eds), Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers. Communications in Computer and Information Science, vol. 1766 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 407-420, 9th International Forum on Digital Multimedia Communication, IFTC 2022, Shanghai, China, 9/12/22. https://doi.org/10.1007/978-981-99-0856-1_30

Adversarial Example Defense via Perturbation Grading Strategy. / Zhu, Shaowei; Lyu, Wanli; Li, Bin et al.
Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers. ed. / Guangtao Zhai; Jun Zhou; Hua Yang; Xiaokang Yang; Jia Wang; Ping An. Springer Science and Business Media Deutschland GmbH, 2023. p. 407-420 (Communications in Computer and Information Science; Vol. 1766 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Adversarial Example Defense via Perturbation Grading Strategy

AU - Zhu, Shaowei

AU - Lyu, Wanli

AU - Li, Bin

AU - Yin, Zhaoxia

AU - Luo, Bin

PY - 2023

Y1 - 2023

N2 - Deep Neural Networks have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples, which have tiny perturbations and greatly mislead the correct judgment of DNNs. Furthermore, even if malicious attackers cannot obtain all the underlying model parameters, they can use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations but have limited defense effects for adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the perturbations on the input examples. Experimental results show that the proposed method effectively improves defense performance. In addition, the proposed method does not modify any task model, which can be used as a preprocessing module, which significantly reduces the deployment cost in practical applications.

AB - Deep Neural Networks have been widely used in many fields. However, studies have shown that DNNs are easily attacked by adversarial examples, which have tiny perturbations and greatly mislead the correct judgment of DNNs. Furthermore, even if malicious attackers cannot obtain all the underlying model parameters, they can use adversarial examples to attack various DNN-based task systems. Researchers have proposed various defense methods to protect DNNs, such as reducing the aggressiveness of adversarial examples by preprocessing or improving the robustness of the model by adding modules. However, some defense methods are only effective for small-scale examples or small perturbations but have limited defense effects for adversarial examples with large perturbations. This paper assigns different defense strategies to adversarial perturbations of different strengths by grading the perturbations on the input examples. Experimental results show that the proposed method effectively improves defense performance. In addition, the proposed method does not modify any task model, which can be used as a preprocessing module, which significantly reduces the deployment cost in practical applications.

KW - Adversarial defense

KW - Adversarial examples

KW - Deep Neural Network

KW - Image denoising

KW - JPEG compression

UR - https://www.scopus.com/pages/publications/85151059537

U2 - 10.1007/978-981-99-0856-1_30

DO - 10.1007/978-981-99-0856-1_30

M3 - 会议稿件

AN - SCOPUS:85151059537

SN - 9789819908554

T3 - Communications in Computer and Information Science

SP - 407

EP - 420

BT - Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers

A2 - Zhai, Guangtao

A2 - Zhou, Jun

A2 - Yang, Hua

A2 - Yang, Xiaokang

A2 - Wang, Jia

A2 - An, Ping

PB - Springer Science and Business Media Deutschland GmbH

T2 - 9th International Forum on Digital Multimedia Communication, IFTC 2022

Y2 - 9 December 2022 through 9 December 2022

ER -

Zhu S, Lyu W, Li B, Yin Z, Luo B. Adversarial Example Defense via Perturbation Grading Strategy. In Zhai G, Zhou J, Yang H, Yang X, Wang J, An P, editors, Digital Multimedia Communications - The 9th International Forum, IFTC 2022, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2023. p. 407-420. (Communications in Computer and Information Science). doi: 10.1007/978-981-99-0856-1_30