Abstract
Adversarial attacks in the digital image domain pose significant challenges to the robustness of machine learning models. Trained convolutional neural networks (CNNs) are among the main tools used for automatic image classification. They are, however, exposed to attacks: given a clean input image that a CNN classifies in one category, carefully designed adversarial images can lead CNNs to misclassifications, even though humans would still "correctly" classify the constructed adversarial images in the same category as the input image. In this feasibility study, we propose a novel approach to improve adversarial attacks by incorporating a pixels-of-interest (PoI) detection mechanism. Our method uses the BagNet model to identify the most relevant pixels, which lets the attack focus exclusively on these pixels and thereby speeds up the generation of adversarial attacks. These attacks are executed in the low-resolution domain, after which the Noise Blowing-Up (NBU) strategy transforms the low-resolution adversarial images into high-resolution adversarial images. The PoI+NBU strategy is tested in an evolution-based black-box targeted attack against MobileNet trained on ImageNet, using 100 clean images. We observe that this approach increased the attack speed by approximately 65%.
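The abstract describes two mechanical steps around the attack itself: restricting the low-resolution perturbation to the pixels of interest, and blowing the resulting noise up to high resolution. The following is an added illustration of those two steps, not code from the paper or its authors. It works on a constructed 8x8 grayscale image, stands in for BagNet with a hand-picked PoI set, assumes block averaging for the downscale and nearest-neighbour upscaling for the blow-up (the paper's exact resampling choices are not stated in the abstract), and contains no attack: the low-resolution noise values are constructed. Its purpose is to show, from an analyst's side, how a perturbation confined to a few low-resolution pixels lands on the high-resolution image, and to measure its footprint (L-infinity, changed-pixel fraction, L2), which is what one needs when reasoning about detection thresholds for such images. All function names are this example's own.

```python
"""Added illustration of the PoI restriction and Noise Blowing-Up composition steps.

Constructed data only; no adversarial search is performed. Grayscale for brevity;
a colour image would apply the same operations per channel.
"""
from typing import Dict, List, Set, Tuple

Image = List[List[int]]   # row-major grayscale, values in 0..255
Coord = Tuple[int, int]   # (row, col)


def clip(v: int) -> int:
    """Keep a pixel value inside the valid 8-bit range."""
    return max(0, min(255, v))


def downscale_mean(img: Image, factor: int) -> Image:
    """Block-average a high-resolution image into the low-resolution domain (assumed method)."""
    out = []
    for r in range(0, len(img), factor):
        row = []
        for c in range(0, len(img[0]), factor):
            block = [img[r + dr][c + dc] for dr in range(factor) for dc in range(factor)]
            row.append(round(sum(block) / len(block)))
        out.append(row)
    return out


def perturb_poi(clean_lr: Image, noise: Dict[Coord, int], poi: Set[Coord]) -> Image:
    """Apply low-res noise only at pixels of interest; noise outside the PoI set is discarded."""
    adv = [row[:] for row in clean_lr]
    for (r, c), delta in noise.items():
        if (r, c) in poi:
            adv[r][c] = clip(adv[r][c] + delta)
    return adv


def blow_up_noise(clean_lr: Image, adv_lr: Image, factor: int) -> Image:
    """Nearest-neighbour upscale of the low-res noise adv_lr - clean_lr (assumed resampling)."""
    h, w = len(clean_lr), len(clean_lr[0])
    return [[adv_lr[r // factor][c // factor] - clean_lr[r // factor][c // factor]
             for c in range(w * factor)] for r in range(h * factor)]


def noise_blowing_up(clean_hr: Image, clean_lr: Image, adv_lr: Image, factor: int) -> Image:
    """Compose the high-res adversarial image: clean_hr plus the blown-up noise, clipped."""
    noise_hr = blow_up_noise(clean_lr, adv_lr, factor)
    return [[clip(clean_hr[r][c] + noise_hr[r][c]) for c in range(len(clean_hr[0]))]
            for r in range(len(clean_hr))]


def perturbation_stats(clean: Image, adv: Image) -> Dict[str, float]:
    """Footprint of a perturbation: L-infinity, fraction of changed pixels (L0), and L2 norm."""
    diffs = [abs(a - b) for ra, rb in zip(adv, clean) for a, b in zip(ra, rb)]
    return {"linf": max(diffs),
            "l0_fraction": sum(d > 0 for d in diffs) / len(diffs),
            "l2": sum(d * d for d in diffs) ** 0.5}


def changed_pixels(clean: Image, adv: Image) -> Set[Coord]:
    """Coordinates where adv differs from clean."""
    return {(r, c) for r, row in enumerate(clean) for c, v in enumerate(row) if adv[r][c] != v}


def poi_footprint(poi: Set[Coord], factor: int) -> Set[Coord]:
    """High-res block each low-res PoI pixel expands to under nearest-neighbour blow-up."""
    return {(R * factor + dr, C * factor + dc)
            for (R, C) in poi for dr in range(factor) for dc in range(factor)}


def demo():
    """Run the two steps on constructed data and return the intermediate images."""
    factor = 2
    clean_hr = [[(r * 8 + c) * 4 for c in range(8)] for r in range(8)]   # constructed gradient
    clean_lr = downscale_mean(clean_hr, factor)                           # 4x4
    poi = {(1, 1), (2, 2)}                     # constructed stand-in for BagNet's PoI output
    noise = {(1, 1): 12, (2, 2): -9, (0, 0): 30}   # (0, 0) lies outside the PoI and is dropped
    adv_lr = perturb_poi(clean_lr, noise, poi)
    adv_hr = noise_blowing_up(clean_hr, clean_lr, adv_lr, factor)
    return clean_hr, clean_lr, adv_lr, adv_hr, poi, factor


if __name__ == "__main__":
    hr, lr, a_lr, a_hr, p, f = demo()
    print("low-res footprint :", perturbation_stats(lr, a_lr))
    print("high-res footprint:", perturbation_stats(hr, a_hr))
    print("changed HR pixels == PoI blocks:", changed_pixels(hr, a_hr) == poi_footprint(p, f))
```

Two things the numbers make visible: under nearest-neighbour blow-up the L-infinity bound is carried over unchanged and the changed-pixel fraction is the same at both resolutions, so a PoI-restricted perturbation stays spatially sparse in the high-resolution image; and the final clip can only shrink the noise where a high-resolution pixel sits near 0 or 255, so the high-resolution perturbation is never larger than the low-resolution one.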

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright 2025 Enea Mancellari, Ali Osman Topal, Franck Leprévost
