ADVERSARIAL ATTACKS INTO DEEP LEARNING MODELS USING PIXEL TRANSFORMATION

  • Truong Phi Ho, Hoang Thanh Nam, Tran Quang Tuan, Pham Minh Thuan, Pham Duy Trung
Keywords: Deep learning; Adversarial attack; Black-box attack; DNN; Trained model

Abstract

Deep learning is currently developing rapidly and is being studied by many research groups, but deep learning models carry potential security risks that can become serious vulnerabilities for the applications built on them. Adversarial examples crafted to deceive a deep neural network make the network behave differently from its original design, and the success rate of such examples is worrying, which raises security concerns for machine learning models. Studying and understanding adversarial attacks helps improve the security of machine learning models. Most research on adversarial attacks is able to fool black-box models. This article uses pixel transformation to perform an adversarial attack that can fool a deep learning system. Specifically, the pixel transformation method was tested on the InceptionV3 model using the Cats and Dogs dataset. The results demonstrate that the proposed method achieves a high success rate in causing the deep learning model to misrecognize inputs in the specified target direction.

Published
2022-12-26
Section
NATURAL SCIENCE – ENGINEERING – TECHNOLOGY