War: An Efficient Pre-processing Method for Defending Adversarial Attacks

Zhaoxia Yin; Hua Wang; Jie Wang

doi:10.1007/978-3-030-62460-6_46

War: An Efficient Pre-processing Method for Defending Adversarial Attacks

Zhaoxia Yin^*
, Hua Wang
, Jie Wang

^*Corresponding author for this work

Anhui University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

Deep neural networks (DNNs) have achieved extraordinary successes in many fields such as image classification. However, they are vulnerable to adversarial examples generated by adding slight perturbations to the input images, leading incorrect classification results. Due to the serious threats of adversarial examples, it is necessary to find a simple and practical way to defend against adversarial attacks. In this paper, we present an efficient preprocessing method called War (WebP compression and resizing operation) for defending adversarial examples. WebP compression is first performed on the input sample to remove the imperceptible perturbations from the adversarial example. Then, the compressed image is appropriately resized to further destroy the specific structure of the adversarial perturbations. Finally, we can get a clean sample that can be correctly classified by the model. Extensive experiments show that our method outperforms the state-of-the-art defense methods. It can effectively defend adversarial attacks while ensure the classification accuracy on the normal samples drops slightly. Moreover, it only requires a particularly short pre-processing time.

Original language	English
Title of host publication	Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings
Editors	Xiaofeng Chen, Hongyang Yan, Qiben Yan, Xiangliang Zhang
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	514-524
Number of pages	11
ISBN (Print)	9783030624590
DOIs	https://doi.org/10.1007/978-3-030-62460-6_46
State	Published - 2020
Externally published	Yes
Event	3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020 - Guangzhou, China Duration: 8 Oct 2020 → 10 Oct 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12487 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020
Country/Territory	China
City	Guangzhou
Period	8/10/20 → 10/10/20

Keywords

Adversarial examples
Deep neural network
Image classification
Resizing operation
Webp compression

Access to Document

10.1007/978-3-030-62460-6_46

Cite this

Yin, Z., Wang, H., & Wang, J. (2020). War: An Efficient Pre-processing Method for Defending Adversarial Attacks. In X. Chen, H. Yan, Q. Yan, & X. Zhang (Eds.), Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings (pp. 514-524). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12487 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-62460-6_46

Yin, Zhaoxia ; Wang, Hua ; Wang, Jie. / War : An Efficient Pre-processing Method for Defending Adversarial Attacks. Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings. editor / Xiaofeng Chen ; Hongyang Yan ; Qiben Yan ; Xiangliang Zhang. Springer Science and Business Media Deutschland GmbH, 2020. pp. 514-524 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0224106c3297483e9bbd5baede124fbe,

title = "War: An Efficient Pre-processing Method for Defending Adversarial Attacks",

abstract = "Deep neural networks (DNNs) have achieved extraordinary successes in many fields such as image classification. However, they are vulnerable to adversarial examples generated by adding slight perturbations to the input images, leading incorrect classification results. Due to the serious threats of adversarial examples, it is necessary to find a simple and practical way to defend against adversarial attacks. In this paper, we present an efficient preprocessing method called War (WebP compression and resizing operation) for defending adversarial examples. WebP compression is first performed on the input sample to remove the imperceptible perturbations from the adversarial example. Then, the compressed image is appropriately resized to further destroy the specific structure of the adversarial perturbations. Finally, we can get a clean sample that can be correctly classified by the model. Extensive experiments show that our method outperforms the state-of-the-art defense methods. It can effectively defend adversarial attacks while ensure the classification accuracy on the normal samples drops slightly. Moreover, it only requires a particularly short pre-processing time.",

keywords = "Adversarial examples, Deep neural network, Image classification, Resizing operation, Webp compression",

author = "Zhaoxia Yin and Hua Wang and Jie Wang",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.; 3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020 ; Conference date: 08-10-2020 Through 10-10-2020",

year = "2020",

doi = "10.1007/978-3-030-62460-6\_46",

language = "英语",

isbn = "9783030624590",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "514--524",

editor = "Xiaofeng Chen and Hongyang Yan and Qiben Yan and Xiangliang Zhang",

booktitle = "Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings",

address = "德国",

}

Yin, Z, Wang, H & Wang, J 2020, War: An Efficient Pre-processing Method for Defending Adversarial Attacks. in X Chen, H Yan, Q Yan & X Zhang (eds), Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12487 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 514-524, 3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020, Guangzhou, China, 8/10/20. https://doi.org/10.1007/978-3-030-62460-6_46

War: An Efficient Pre-processing Method for Defending Adversarial Attacks. / Yin, Zhaoxia; Wang, Hua; Wang, Jie.
Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings. ed. / Xiaofeng Chen; Hongyang Yan; Qiben Yan; Xiangliang Zhang. Springer Science and Business Media Deutschland GmbH, 2020. p. 514-524 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12487 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - War

T2 - 3rd International Conference on Machine Learning for Cyber Security, ML4CS 2020

AU - Yin, Zhaoxia

AU - Wang, Hua

AU - Wang, Jie

PY - 2020

Y1 - 2020

N2 - Deep neural networks (DNNs) have achieved extraordinary successes in many fields such as image classification. However, they are vulnerable to adversarial examples generated by adding slight perturbations to the input images, leading incorrect classification results. Due to the serious threats of adversarial examples, it is necessary to find a simple and practical way to defend against adversarial attacks. In this paper, we present an efficient preprocessing method called War (WebP compression and resizing operation) for defending adversarial examples. WebP compression is first performed on the input sample to remove the imperceptible perturbations from the adversarial example. Then, the compressed image is appropriately resized to further destroy the specific structure of the adversarial perturbations. Finally, we can get a clean sample that can be correctly classified by the model. Extensive experiments show that our method outperforms the state-of-the-art defense methods. It can effectively defend adversarial attacks while ensure the classification accuracy on the normal samples drops slightly. Moreover, it only requires a particularly short pre-processing time.

AB - Deep neural networks (DNNs) have achieved extraordinary successes in many fields such as image classification. However, they are vulnerable to adversarial examples generated by adding slight perturbations to the input images, leading incorrect classification results. Due to the serious threats of adversarial examples, it is necessary to find a simple and practical way to defend against adversarial attacks. In this paper, we present an efficient preprocessing method called War (WebP compression and resizing operation) for defending adversarial examples. WebP compression is first performed on the input sample to remove the imperceptible perturbations from the adversarial example. Then, the compressed image is appropriately resized to further destroy the specific structure of the adversarial perturbations. Finally, we can get a clean sample that can be correctly classified by the model. Extensive experiments show that our method outperforms the state-of-the-art defense methods. It can effectively defend adversarial attacks while ensure the classification accuracy on the normal samples drops slightly. Moreover, it only requires a particularly short pre-processing time.

KW - Adversarial examples

KW - Deep neural network

KW - Image classification

KW - Resizing operation

KW - Webp compression

UR - https://www.scopus.com/pages/publications/85097152275

U2 - 10.1007/978-3-030-62460-6_46

DO - 10.1007/978-3-030-62460-6_46

M3 - 会议稿件

AN - SCOPUS:85097152275

SN - 9783030624590

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 514

EP - 524

BT - Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings

A2 - Chen, Xiaofeng

A2 - Yan, Hongyang

A2 - Yan, Qiben

A2 - Zhang, Xiangliang

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 8 October 2020 through 10 October 2020

ER -

Yin Z, Wang H, Wang J. War: An Efficient Pre-processing Method for Defending Adversarial Attacks. In Chen X, Yan H, Yan Q, Zhang X, editors, Machine Learning for Cyber Security - Third International Conference, ML4CS 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 514-524. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-62460-6_46

War: An Efficient Pre-processing Method for Defending Adversarial Attacks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this