A learning and masking approach to secure learning

Author

Linh NGUYEN
Sky WANG
Arunesh SINHA, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

10-2018

Abstract

Deep Neural Networks (DNNs) have been shown to be vulnerable against adversarial examples, which are data points cleverly constructed to fool the classifier. Such attacks can be devastating in practice, especially as DNNs are being applied to ever increasing critical tasks like image recognition in autonomous driving. In this paper, we introduce a new perspective on the problem. We do so by first defining robustness of a classifier to adversarial exploitation. Next, we show that the problem of adversarial example generation can be posed as learning problem. We also categorize attacks in literature into high and low perturbation attacks; well-known attacks like FGSM [11] and our attack produce higher perturbation adversarial examples while the more potent but computationally inefficient Carlini-Wagner [5] (CW) attack is low perturbation. Next, we show that the dual approach of the attack learning problem can be used as a defensive technique that is effective against high perturbation attacks. Finally, we show that a classifier masking method achieved by adding noise to the a neural network’s logit output protects against low distortion attacks such as the CW attack. We also show that both our learning and masking defense can work simultaneously to protect against multiple attacks. We demonstrate the efficacy of our techniques by experimenting with the MNIST and CIFAR-10 datasets.

Keywords

adversarial examples, robust learning

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Data Science and Engineering

Publication

Proceedings of the 9th Conference on Decision and Game Theory for Security: GameSec 2018, Seattle, USA, October 29-31

Volume

11199

First Page

453

Last Page

464

ISBN

978-3-030-01553-4

Identifier

10.1007/978-3-030-01554-1_26

Publisher

Springer Link

City or Country

Seattle, USA

Citation

NGUYEN, Linh; WANG, Sky; and SINHA, Arunesh. A learning and masking approach to secure learning. (2018). Proceedings of the 9th Conference on Decision and Game Theory for Security: GameSec 2018, Seattle, USA, October 29-31. 11199, 453-464.
Available at: https://ink.library.smu.edu.sg/sis_research/4793

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1007/978-3-030-01554-1_26