Improving Tiled Evolutionary Adversarial Attack

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216208%3A11320%2F24%3A10493456" target="_blank" >RIV/00216208:11320/24:10493456 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1007/978-3-031-74627-7_40" target="_blank" >https://doi.org/10.1007/978-3-031-74627-7_40</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-74627-7_40" target="_blank" >10.1007/978-3-031-74627-7_40</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Improving Tiled Evolutionary Adversarial Attack

Popis výsledku v původním jazyce

Adversarial examples are a well-known phenomenon in image classification. They represent maliciously altered inputs that a deep learning model classifies incorrectly, even though the added noise is almost indistinguishable to the human eye. Defense against adversarial examples can be either proactive or reactive. This paper builds upon previous work, which tests one of the state-of-the-art reactive defenses. While the previous work managed to defeat the defense using an evolutionary attack, a notable drawback was the visible adversarial noise. This work improves this by utilizing the Structural Similarity Index (SSIM) for measuring the distance between benign and adversarial inputs, and by implementing a new mutation during the evolution process. These adjustments not only created adversarial images with less visible noise, but also accelerated the process of generating them.

Název v anglickém jazyce

Improving Tiled Evolutionary Adversarial Attack

Popis výsledku anglicky

Adversarial examples are a well-known phenomenon in image classification. They represent maliciously altered inputs that a deep learning model classifies incorrectly, even though the added noise is almost indistinguishable to the human eye. Defense against adversarial examples can be either proactive or reactive. This paper builds upon previous work, which tests one of the state-of-the-art reactive defenses. While the previous work managed to defeat the defense using an evolutionary attack, a notable drawback was the visible adversarial noise. This work improves this by utilizing the Structural Similarity Index (SSIM) for measuring the distance between benign and adversarial inputs, and by implementing a new mutation during the evolution process. These adjustments not only created adversarial images with less visible noise, but also accelerated the process of generating them.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Machine Learning and Principles and Practice of Knowledge Discovery in Databases

ISBN

978-3-031-74627-7

ISSN

1865-0937

e-ISSN

1865-0937

Počet stran výsledku

11

Strana od-do

480-490

Název nakladatele

Springer

Místo vydání

Cham

Místo konání akce

Turin, Italy

Datum konání akce

18. 9. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—