Paper Abstract and Keywords |
Presentation |
2021-05-21 13:10
A Study of Detecting Adversarial Examples Using Sensitivities to Multiple Auto Encoders Yuma Yamasaki, Minoru Kuribayashi, Nobuo Funabiki (Okayama Univ.), Huy Hong Nguyen, Isao Echizen (NII) IT2021-11 EMM2021-11 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
By removing the small perturbations involved in adversarial examples, the image classification result returns to the correct label of the image, and by gradually increasing the strength of the filter that removes the noise, the image classification result is characterized. In the previous study, we focused on this point and trained a neural network to identify adversarial examples, using as supervisory data the image classification results after denoising by each filter while varying its strength. However, since JPEG compression and scaling, which are well-known techniques, are used as denoising filters, the adversarial attack may be adjusted for such filters to fool the detector. In this study, to enhance the security aspect, we use an unsupervised machine learning model, Auto Encoder, which is trained on a specific dataset, as a black box filter. We designed several types of auto encoders with different characteristics by changing the number of images used for training, and evaluated the accuracy of the discrimination capability using each filter alone or in combination. As a result, it was confirmed that the noise removal effect was improved by combining some auto encoders, and that adversarial examples could be identified with an accuracy of over 90%. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Adversarial Example / Image Classifier / Auto Encoder / Noise Removal Filter |
Reference Info. |
IEICE Tech. Rep., vol. 121, no. 29, EMM2021-11, pp. 60-65, May 2021. |
Paper # |
EMM2021-11 |
Date of Issue |
2021-05-13 (IT, EMM) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
EMM IT |
Conference Date |
2021-05-20 - 2021-05-21 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Online |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Information Security, Information Theory, Information Hiding, etc. |
Paper Information |
Registration To |
EMM |
Conference Code |
2021-05-EMM-IT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A Study of Detecting Adversarial Examples Using Sensitivities to Multiple Auto Encoders |
Keyword(1) |
Adversarial Example |
Keyword(2) |
Image Classifier |
Keyword(3) |
Auto Encoder |
Keyword(4) |
Noise Removal Filter |
1st Author's Name |
Yuma Yamasaki |
1st Author's Affiliation |
Okayama University (Okayama Univ.) |
2nd Author's Name |
Minoru Kuribayashi |
2nd Author's Affiliation |
Okayama University (Okayama Univ.) |
3rd Author's Name |
Nobuo Funabiki |
3rd Author's Affiliation |
Okayama University (Okayama Univ.) |
4th Author's Name |
Huy Hong Nguyen |
4th Author's Affiliation |
NII (NII) |
5th Author's Name |
Isao Echizen |
5th Author's Affiliation |
NII (NII) |
Speaker |
Author-1 |
Date Time |
2021-05-21 13:10:00 |
Presentation Time |
25 minutes |
Registration for |
EMM |
Paper # |
IT2021-11, EMM2021-11 |
Volume (vol) |
vol.121 |
Number (no) |
no.28(IT), no.29(EMM) |
Page |
pp.60-65 |
#Pages |
6 |
Date of Issue |
2021-05-13 (IT, EMM) |
|