Improving Robustness of Deep Neural Networks Against Query-based Adversarial Attacks
Dousti Gandomani, Mehdi | 2024
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 57157 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Jalili, Rasool
- Abstract:
- In recent years, deep neural networks have been widely used in various applications such as image classification and malware detection. However, these networks are vulnerable to a type of attack called adversarial attacks, where the attacker tries to cause the target model to misclassify the input image by adding a small perturbation to the input image in a way that is often undetectable to humans. A special type of such attacks, which can be applied in real-world conditions, works without knowledge of the architecture and parameters of the model and only by sending a query and receiving the probability vector or the correct label; these are called black-box attacks. Such attacks are divided into three categories, score-based, decision-based, and transfer-based, which can threaten the security of existing models. Therefore, providing solutions to improve the security of these models is of particular importance. Despite the various defense methods proposed, attackers also keep improving their attacks to bypass these defenses, and so far no defense method that can fully resist black-box attacks has been presented. In this thesis, we examine existing attacks and defense methods and get an idea of their strengths and weaknesses. We present our defense method, called gradient confusion defense. This method uses a parameter $M$, randomly chosen from $M \sim \mathcal{U}(0.5,10)$ and multiplied by the output logits, which can improve the robustness of deep neural networks against query-based black-box attacks. The evaluation criterion of the proposed method is to reduce the success rate and increase the average number of queries required by the most efficient query-based black-box attacks, including NES, Bandit, Square, SignHunter, and ZO-signSGD.
For more reliable results, we compare the performance of gradient confusion defense with the most popular black-box adversarial defense available in the literature, that is, the random noise defense, and we outperform it by a considerable gap.
- Keywords:
- Deep Neural Networks ; Adversarial Attacks ; Black Box Adversarial Environment ; Query-Based Attack ; Black-Box Attacks