Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example
Deep neural networks (DNNs) show superior performance in image and speech recognition. However, adversarial examples created by adding a little noise to an original sample can lead to misclassification by a DNN. Conventional studies on adversarial examples have focused on ways of causing misclassifi...
Guardado en:
| Autores principales: | , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
IEEE
2019
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/18e15e9596274820aa6894a854aac8f4 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:18e15e9596274820aa6894a854aac8f4 |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:18e15e9596274820aa6894a854aac8f42021-11-19T00:02:46ZRestricted Evasion Attack: Generation of Restricted-Area Adversarial Example2169-353610.1109/ACCESS.2019.2915971https://doaj.org/article/18e15e9596274820aa6894a854aac8f42019-01-01T00:00:00Zhttps://ieeexplore.ieee.org/document/8710245/https://doaj.org/toc/2169-3536Deep neural networks (DNNs) show superior performance in image and speech recognition. However, adversarial examples created by adding a little noise to an original sample can lead to misclassification by a DNN. Conventional studies on adversarial examples have focused on ways of causing misclassification by a DNN by modulating the entire image. However, in some cases, a restricted adversarial example may be required in which only certain parts of the image are modified rather than the entire image and that results in misclassification by the DNN. For example, when the placement of a road sign has already been completed, an attack may be required that will change only a specific part of the sign, such as by placing a sticker on it, to cause misidentification of the entire image. As another example, an attack may be required that causes a DNN to misinterpret images according to a minimal modulation of the outside border of the image. In this paper, we propose a new restricted adversarial example that modifies only a restricted area to cause misclassification by a DNN while minimizing distortion from the original sample. It can also select the size of the restricted area. We used the CIFAR10 and ImageNet datasets to evaluate the performance. We measured the attack success rate and distortion of the restricted adversarial example while adjusting the size, shape, and position of the restricted area. The results show that the proposed scheme generates restricted adversarial examples with a 100% attack success rate in a restricted area of the whole image (approximately 14% for CIFAR10 and 1.07% for ImageNet) while minimizing the distortion distance.Hyun KwonHyunsoo YoonDaeseon ChoiIEEEarticleDeep neural network (DNN)adversarial examplemachine learningevasion attackrestricted areaElectrical engineering. Electronics. Nuclear engineeringTK1-9971ENIEEE Access, Vol 7, Pp 60908-60919 (2019) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
Deep neural network (DNN) adversarial example machine learning evasion attack restricted area Electrical engineering. Electronics. Nuclear engineering TK1-9971 |
| spellingShingle |
Deep neural network (DNN) adversarial example machine learning evasion attack restricted area Electrical engineering. Electronics. Nuclear engineering TK1-9971 Hyun Kwon Hyunsoo Yoon Daeseon Choi Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| description |
Deep neural networks (DNNs) show superior performance in image and speech recognition. However, adversarial examples created by adding a little noise to an original sample can lead to misclassification by a DNN. Conventional studies on adversarial examples have focused on ways of causing misclassification by a DNN by modulating the entire image. However, in some cases, a restricted adversarial example may be required in which only certain parts of the image are modified rather than the entire image and that results in misclassification by the DNN. For example, when the placement of a road sign has already been completed, an attack may be required that will change only a specific part of the sign, such as by placing a sticker on it, to cause misidentification of the entire image. As another example, an attack may be required that causes a DNN to misinterpret images according to a minimal modulation of the outside border of the image. In this paper, we propose a new restricted adversarial example that modifies only a restricted area to cause misclassification by a DNN while minimizing distortion from the original sample. It can also select the size of the restricted area. We used the CIFAR10 and ImageNet datasets to evaluate the performance. We measured the attack success rate and distortion of the restricted adversarial example while adjusting the size, shape, and position of the restricted area. The results show that the proposed scheme generates restricted adversarial examples with a 100% attack success rate in a restricted area of the whole image (approximately 14% for CIFAR10 and 1.07% for ImageNet) while minimizing the distortion distance. |
| format |
article |
| author |
Hyun Kwon Hyunsoo Yoon Daeseon Choi |
| author_facet |
Hyun Kwon Hyunsoo Yoon Daeseon Choi |
| author_sort |
Hyun Kwon |
| title |
Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| title_short |
Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| title_full |
Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| title_fullStr |
Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| title_full_unstemmed |
Restricted Evasion Attack: Generation of Restricted-Area Adversarial Example |
| title_sort |
restricted evasion attack: generation of restricted-area adversarial example |
| publisher |
IEEE |
| publishDate |
2019 |
| url |
https://doaj.org/article/18e15e9596274820aa6894a854aac8f4 |
| work_keys_str_mv |
AT hyunkwon restrictedevasionattackgenerationofrestrictedareaadversarialexample AT hyunsooyoon restrictedevasionattackgenerationofrestrictedareaadversarialexample AT daeseonchoi restrictedevasionattackgenerationofrestrictedareaadversarialexample |
| _version_ |
1718420653104693248 |