IEICE Technical Committee Submission System
Conference Paper's Information
Online Proceedings
[Sign in]
Tech. Rep. Archives
 Go Top Page Go Previous   [Japanese] / [English] 

Paper Abstract and Keywords
Presentation 2021-05-21 13:10
A Study of Detecting Adversarial Examples Using Sensitivities to Multiple Auto Encoders
Yuma Yamasaki, Minoru Kuribayashi, Nobuo Funabiki (Okayama Univ.), Huy Hong Nguyen, Isao Echizen (NII) IT2021-11 EMM2021-11
Abstract (in Japanese) (See Japanese page) 
(in English) By removing the small perturbations involved in adversarial examples, the image classification result returns to the correct label of the image, and by gradually increasing the strength of the filter that removes the noise, the image classification result is characterized. In the previous study, we focused on this point and trained a neural network using the image classification results after denoising by each filter with varying the strength as supervisory data to identify adversarial examples. However, since JPEG compression and scaling, which are well-known techniques, are used for denoising filters, the adversarial attack may be adjusted for such filters to fool the detector. In this study, we use an unsupervised machine learning model, Auto Encoder, which is trained on a specific dataset, as a black box filter, to enhance the security aspect. We designed several types of auto encoders with different characteristics by changing the number of images used for training, and evaluated the accuracy of its discrimination capability using each filter alone or in combination. As a result, it was confirmed that the noise removal effect was improved by combining some auto encoders, adversarial examples could be identified with an accuracy of over 90%.
Keyword (in Japanese) (See Japanese page) 
(in English) Adversarial Example / Image Classifier / Auto Encoder / Noise Removal Filter / / / /  
Reference Info. IEICE Tech. Rep., vol. 121, no. 29, EMM2021-11, pp. 60-65, May 2021.
Paper # EMM2021-11 
Date of Issue 2021-05-13 (IT, EMM) 
ISSN Online edition: ISSN 2432-6380
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
Download PDF IT2021-11 EMM2021-11

Conference Information
Committee EMM IT  
Conference Date 2021-05-20 - 2021-05-21 
Place (in Japanese) (See Japanese page) 
Place (in English) Online 
Topics (in Japanese) (See Japanese page) 
Topics (in English) Information Security, Information Theory, Information Hiding, etc. 
Paper Information
Registration To EMM 
Conference Code 2021-05-EMM-IT 
Language Japanese 
Title (in Japanese) (See Japanese page) 
Sub Title (in Japanese) (See Japanese page) 
Title (in English) A Study of Detecting Adversarial Examples Using Sensitivities to Multiple Auto Encoders 
Sub Title (in English)  
Keyword(1) Adversarial Example  
Keyword(2) Image Classifier  
Keyword(3) Auto Encoder  
Keyword(4) Noise Removal Filter  
1st Author's Name Yuma Yamasaki  
1st Author's Affiliation Okayama University (Okayama Univ.)
2nd Author's Name Minoru Kuribayashi  
2nd Author's Affiliation Okayama University (Okayama Univ.)
3rd Author's Name Nobuo Funabiki  
3rd Author's Affiliation Okayama University (Okayama Univ.)
4th Author's Name Huy Hong Nguyen  
4th Author's Affiliation NII (NII)
5th Author's Name Isao Echizen  
5th Author's Affiliation NII (NII)
6th Author's Name  
6th Author's Affiliation ()
7th Author's Name  
7th Author's Affiliation ()
8th Author's Name  
8th Author's Affiliation ()
9th Author's Name  
9th Author's Affiliation ()
10th Author's Name  
10th Author's Affiliation ()
11th Author's Name  
11th Author's Affiliation ()
12th Author's Name  
12th Author's Affiliation ()
13th Author's Name  
13th Author's Affiliation ()
14th Author's Name  
14th Author's Affiliation ()
15th Author's Name  
15th Author's Affiliation ()
16th Author's Name  
16th Author's Affiliation ()
17th Author's Name  
17th Author's Affiliation ()
18th Author's Name  
18th Author's Affiliation ()
19th Author's Name  
19th Author's Affiliation ()
20th Author's Name  
20th Author's Affiliation ()
Speaker Author-1 
Date Time 2021-05-21 13:10:00 
Presentation Time 25 minutes 
Registration for EMM 
Paper # IT2021-11, EMM2021-11 
Volume (vol) vol.121 
Number (no) no.28(IT), no.29(EMM) 
Page pp.60-65 
Date of Issue 2021-05-13 (IT, EMM) 

[Return to Top Page]

[Return to IEICE Web Page]

The Institute of Electronics, Information and Communication Engineers (IEICE), Japan