Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks

Fatemeh Sheikholeslami; Swayambhoo Jain; Georgios B Giannakis

doi:10.1109/ICASSP.2019.8683348

Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks

Fatemeh Sheikholeslami, Swayambhoo Jain, Georgios B Giannakis

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Despite their well-documented learning capabilities in clean environments, deep convolutional neural networks (CNNs) are extremely fragile in adversarial settings, where carefully crafted perturbations created by an attacker can easily disrupt the task at hand. Numerous methods have been proposed for designing effective attacks, while the design of effective defense schemes is still an open area. This work leverages randomization-based defense schemes to introduce a sampling mechanism for strong and efficient defense. To this end, sampling is proposed to take place over the matricized mid-layer data in the neural network, and the sampling probabilities are systematically obtained via variance minimization. The proposed defense only requires adding sampling blocks to the network in the inference phase without extra overhead in the training. In addition, it can be utilized on any pre-trained network without altering the weights. Numerical tests corroborate the improved defense against various attack schemes in comparison with state-of-the-art randomized defenses.

Original language	English (US)
Title of host publication	2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	3277-3281
Number of pages	5
ISBN (Electronic)	9781479981311
DOIs	https://doi.org/10.1109/ICASSP.2019.8683348
State	Published - May 2019
Event	44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Brighton, United Kingdom Duration: May 12 2019 → May 17 2019

Publication series

Name	ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
Volume	2019-May
ISSN (Print)	1520-6149

Conference

Conference	44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019
Country/Territory	United Kingdom
City	Brighton
Period	5/12/19 → 5/17/19

Bibliographical note

Funding Information:
Majority of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 1500713, 151405\6, 1505970, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@technicolor.com, georgios@umn.edu

Publisher Copyright:
© 2019 IEEE.

Keywords

Deep learning
adversarial examples
convolutional neural networks
image classification
randomized defenses

Access

10.1109/ICASSP.2019.8683348

OpenUrl availability

Full text

Cite this

Sheikholeslami, F., Jain, S., & Giannakis, G. B. (2019). Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks. In 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings (pp. 3277-3281). Article 8683348 (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings; Vol. 2019-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICASSP.2019.8683348

Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks. / Sheikholeslami, Fatemeh; Jain, Swayambhoo; Giannakis, Georgios B.
2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. p. 3277-3281 8683348 (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings; Vol. 2019-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sheikholeslami, F, Jain, S & Giannakis, GB 2019, Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks. in 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings., 8683348, ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings, vol. 2019-May, Institute of Electrical and Electronics Engineers Inc., pp. 3277-3281, 44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019, Brighton, United Kingdom, 5/12/19. https://doi.org/10.1109/ICASSP.2019.8683348

Sheikholeslami F, Jain S, Giannakis GB. Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks. In 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2019. p. 3277-3281. 8683348. (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings). doi: 10.1109/ICASSP.2019.8683348

Sheikholeslami, Fatemeh ; Jain, Swayambhoo ; Giannakis, Georgios B. / Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks. 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 3277-3281 (ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings).

@inproceedings{1ea098e9ed974e30b8e3bb6542ec5378,

title = "Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks",

abstract = "Despite their well-documented learning capabilities in clean environments, deep convolutional neural networks (CNNs) are extremely fragile in adversarial settings, where carefully crafted perturbations created by an attacker can easily disrupt the task at hand. Numerous methods have been proposed for designing effective attacks, while the design of effective defense schemes is still an open area. This work leverages randomization-based defense schemes to introduce a sampling mechanism for strong and efficient defense. To this end, sampling is proposed to take place over the matricized mid-layer data in the neural network, and the sampling probabilities are systematically obtained via variance minimization. The proposed defense only requires adding sampling blocks to the network in the inference phase without extra overhead in the training. In addition, it can be utilized on any pre-trained network without altering the weights. Numerical tests corroborate the improved defense against various attack schemes in comparison with state-of-the-art randomized defenses.",

keywords = "Deep learning, adversarial examples, convolutional neural networks, image classification, randomized defenses",

author = "Fatemeh Sheikholeslami and Swayambhoo Jain and Giannakis, {Georgios B}",

note = "Funding Information: Majority of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 1500713, 151405\6, 1505970, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@technicolor.com, georgios@umn.edu Publisher Copyright: {\textcopyright} 2019 IEEE.; 44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 ; Conference date: 12-05-2019 Through 17-05-2019",

year = "2019",

month = may,

doi = "10.1109/ICASSP.2019.8683348",

language = "English (US)",

series = "ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "3277--3281",

booktitle = "2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings",

}

TY - GEN

T1 - Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks

AU - Sheikholeslami, Fatemeh

AU - Jain, Swayambhoo

AU - Giannakis, Georgios B

N1 - Funding Information: Majority of this work was done during a summer research internship at Technicolor AI Lab in Palo Alto, CA - USA. This research was supported in part by NSF grant 1500713, 151405\6, 1505970, and 1711471. Author emails: sheik081@umn.edu, swayambhoo.jain@technicolor.com, georgios@umn.edu Publisher Copyright: © 2019 IEEE.

PY - 2019/5

Y1 - 2019/5

N2 - Despite their well-documented learning capabilities in clean environments, deep convolutional neural networks (CNNs) are extremely fragile in adversarial settings, where carefully crafted perturbations created by an attacker can easily disrupt the task at hand. Numerous methods have been proposed for designing effective attacks, while the design of effective defense schemes is still an open area. This work leverages randomization-based defense schemes to introduce a sampling mechanism for strong and efficient defense. To this end, sampling is proposed to take place over the matricized mid-layer data in the neural network, and the sampling probabilities are systematically obtained via variance minimization. The proposed defense only requires adding sampling blocks to the network in the inference phase without extra overhead in the training. In addition, it can be utilized on any pre-trained network without altering the weights. Numerical tests corroborate the improved defense against various attack schemes in comparison with state-of-the-art randomized defenses.

AB - Despite their well-documented learning capabilities in clean environments, deep convolutional neural networks (CNNs) are extremely fragile in adversarial settings, where carefully crafted perturbations created by an attacker can easily disrupt the task at hand. Numerous methods have been proposed for designing effective attacks, while the design of effective defense schemes is still an open area. This work leverages randomization-based defense schemes to introduce a sampling mechanism for strong and efficient defense. To this end, sampling is proposed to take place over the matricized mid-layer data in the neural network, and the sampling probabilities are systematically obtained via variance minimization. The proposed defense only requires adding sampling blocks to the network in the inference phase without extra overhead in the training. In addition, it can be utilized on any pre-trained network without altering the weights. Numerical tests corroborate the improved defense against various attack schemes in comparison with state-of-the-art randomized defenses.

KW - Deep learning

KW - adversarial examples

KW - convolutional neural networks

KW - image classification

KW - randomized defenses

UR - http://www.scopus.com/inward/record.url?scp=85069004390&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85069004390&partnerID=8YFLogxK

U2 - 10.1109/ICASSP.2019.8683348

DO - 10.1109/ICASSP.2019.8683348

M3 - Conference contribution

AN - SCOPUS:85069004390

T3 - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings

SP - 3277

EP - 3281

BT - 2019 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 44th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2019

Y2 - 12 May 2019 through 17 May 2019

ER -

Efficient Randomized Defense against Adversarial Attacks in Deep Convolutional Neural Networks

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this