Robust image classification against adversarial attacks using elastic similarity measures between edge count sequences
| dc.contributor.author | Oregi, Izaskun | |
| dc.contributor.author | Del Ser, Javier | |
| dc.contributor.author | Pérez, Aritz | |
| dc.contributor.author | Lozano, José A. | |
| dc.contributor.institution | Quantum | |
| dc.contributor.institution | IA | |
| dc.date.accessioned | 2024-07-24T12:04:26Z | |
| dc.date.available | 2024-07-24T12:04:26Z | |
| dc.date.issued | 2020-08 | |
| dc.description | Publisher Copyright: © 2020 Elsevier Ltd | |
| dc.description.abstract | Due to their unprecedented capacity to learn patterns from raw data, deep neural networks have become the de facto modeling choice to address complex machine learning tasks. However, recent works have emphasized the vulnerability of deep neural networks when being fed with intelligently manipulated adversarial data instances tailored to confuse the model. In order to overcome this issue, a major effort has been made to find methods capable of making deep learning models robust against adversarial inputs. This work presents a new perspective for improving the robustness of deep neural networks in image classification. In computer vision scenarios, adversarial images are crafted by manipulating legitimate inputs so that the target classifier is eventually fooled, but the manipulation is not visually distinguishable by an external observer. The reason for the imperceptibility of the attack is that the human visual system fails to detect minor variations in color space, but excels at detecting anomalies in geometric shapes. We capitalize on this fact by extracting color gradient features from input images at multiple sensitivity levels to detect possible manipulations. We resort to a deep neural classifier to predict the category of unseen images, whereas a discrimination model analyzes the extracted color gradient features with time series techniques to determine the legitimacy of input images. The performance of our method is assessed over experiments comprising state-of-the-art techniques for crafting adversarial attacks. Results corroborate the increased robustness of the classifier when using our discrimination module, yielding drastically reduced success rates of adversarial attacks that operate on the whole image rather than on localized regions or around the existing shapes of the image. Future research is outlined towards improving the detection accuracy of the proposed method for more general attack strategies. | en |
| dc.description.sponsorship | This research work has been supported by the Basque Government through the EMAITEK and ELKARTEK funding programs. J. Del Ser receives funding support from the Consolidated Research Group MATHMODE ( IT1294-19 ) granted by the Department of Education of the Basque Government . A. Pérez and J. A. Lozano are supported by the Basque Government through the BERC 2018–2021 program and by the Spanish Ministry of Economy and Competitiveness MINECO through BCAM Severo Ochoa excellence accreditation SEV-2017-0718. A. Pérez also acknowledges funding support from AEI/FEDER (UE) through project TIN2017-82626-R. J. A. Lozano is also supported by Spanish Ministry of Economy and Competitiveness MINECO through TIN2016-78365-R . This research work has been supported by the Basque Government through the EMAITEK and ELKARTEK funding programs. J. Del Ser receives funding support from the Consolidated Research Group MATHMODE (IT1294-19) granted by the Department of Education of the Basque Government. A. P?rez and J. A. Lozano are supported by the Basque Government through the BERC 2018?2021 program and by the Spanish Ministry of Economy and Competitiveness MINECO through BCAM Severo Ochoa excellence accreditation SEV-2017-0718. A. P?rez also acknowledges funding support from AEI/FEDER (UE) through project TIN2017-82626-R. J. A. Lozano is also supported by Spanish Ministry of Economy and Competitiveness MINECO through TIN2016-78365-R. | |
| dc.description.status | Peer reviewed | |
| dc.format.extent | 12 | |
| dc.identifier.citation | Oregi , I , Del Ser , J , Pérez , A & Lozano , J A 2020 , ' Robust image classification against adversarial attacks using elastic similarity measures between edge count sequences ' , Neural Networks , vol. 128 , pp. 61-72 . https://doi.org/10.1016/j.neunet.2020.04.030 | |
| dc.identifier.doi | 10.1016/j.neunet.2020.04.030 | |
| dc.identifier.issn | 0893-6080 | |
| dc.identifier.uri | https://hdl.handle.net/11556/3453 | |
| dc.identifier.url | http://www.scopus.com/inward/record.url?scp=85084740542&partnerID=8YFLogxK | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Neural Networks | |
| dc.relation.projectID | BERC | |
| dc.relation.projectID | Department of Education of the Basque Government | |
| dc.relation.projectID | Eusko Jaurlaritza, IT1294-19 | |
| dc.relation.projectID | Ministerio de Economía y Competitividad, MINECO | |
| dc.relation.projectID | European Regional Development Fund, ERDF, TIN2016-78365-R-TIN2017-82626-R | |
| dc.relation.projectID | Agencia Estatal de Investigación, AEI | |
| dc.rights | info:eu-repo/semantics/restrictedAccess | |
| dc.subject.keywords | Adversarial machine learning | |
| dc.subject.keywords | Computer vision | |
| dc.subject.keywords | Deep neural networks | |
| dc.subject.keywords | Time series analysis | |
| dc.subject.keywords | Cognitive Neuroscience | |
| dc.subject.keywords | Artificial Intelligence | |
| dc.title | Robust image classification against adversarial attacks using elastic similarity measures between edge count sequences | en |
| dc.type | journal article |