Testing Convolutional Neural Network using Adversarial Attacks on Potential Critical Pixels

Bo Ching Lin, Hwai Jung Hsu, Shih Kun Huang

Research output: Conference contribution, peer-reviewed

Abstract

Convolutional neural networks (CNNs) are known to be vulnerable to adversarial attacks: well-crafted perturbations to the inputs can mislead a state-of-the-art CNN into making wrong decisions. There is therefore a pressing need for methods that can test for, or detect, the vulnerability of CNNs. In this study, we propose an adversarial attack method, called Dual Iterative Fusion (DIF) with potential critical pixels, for CNN testing that reveals such vulnerabilities. DIF modifies as few as 5 pixels of a 32x32 image in this study and achieves faster, less noticeable, and more targeted attacks against a CNN. Testing CNNs with DIF, we observed that, in many classical image-classification CNNs, some classes are more vulnerable than others; in other words, some classes are more susceptible to misclassification under adversarial attack. For example, in VGG19 trained on the CIFAR10 data set, the vulnerable class is 'Cat': the successfully-targeted attack rate for class 'Cat' in VGG19 is markedly higher than for the other classes, 57.01% versus 25%. In ResNet18, the vulnerable class is 'Plane', with a successfully-targeted attack rate of 37.08%, while the other classes are below 12%. These classes should be considered vulnerabilities of the CNNs, and they are pinpointed by generating test images with DIF. The issues can be mitigated by retraining the CNNs with the adversarial images generated by DIF; after retraining, the misclassification rate of the vulnerable classes declines from 61.67% to 6.37% in the most pronounced case.

Original language: English
Title of host publication: Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020
Editors: W. K. Chan, Bill Claycomb, Hiroki Takakura, Ji-Jiang Yang, Yuuichi Teranishi, Dave Towey, Sergio Segura, Hossain Shahriar, Sorel Reisman, Sheikh Iqbal Ahamed
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1743-1748
Number of pages: 6
ISBN (Electronic): 9781728173030
DOIs
Publication status: Published - July 2020
Event: 44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020 - Virtual, Madrid, Spain
Duration: 13 July 2020 to 17 July 2020

Publication series

Name: Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020

Conference

Conference: 44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020
Country/Territory: Spain
City: Virtual, Madrid
Period: 13/07/20 to 17/07/20
