Lund University Publications

Secure deep neural networks using adversarial image generation and training with Noise-GAN

Hashemi, Atiye Sadat and Mozaffari, Saeed (2019). In Computers and Security 86, pp. 372-387
Abstract
Recent advances in artificial intelligence have increased the importance of security issues. Nowadays, deep neural networks (DNNs) are used in many critical applications such as pilot drones and self-driving cars, so a DNN malfunction caused by an attack may cause irreparable damage. The attack may happen either in the training phase (poisoning attacks) or in the testing phase (evasion attacks) by presenting adversarial examples, which are samples maliciously crafted to deceive DNNs. This paper deals with evasion attacks and aims to immunize DNNs through adversarial example generation and training. We propose Noise-GAN, a Generative Adversarial Network (GAN) with a multi-class Discriminator that produces a noise which, when added to the original image, yields adversarial examples. In this paper, various types of evasion attacks are considered and the performance of the proposed method is evaluated on different victim models under various defensive strategies. Experimental results are based on the MNIST and CIFAR-10 datasets, and the average success rates for different attacks are reported and compared with state-of-the-art methods. The non-targeted attack success rates on DNNs after training with adversarial examples generated by Noise-GAN declined from 87.7% to 10.41% on the MNIST dataset and from 91.2% to 57.66% on the CIFAR-10 dataset.
type: Contribution to journal
publication status: published
in: Computers and Security
volume: 86
pages: 372 - 387
publisher: Elsevier
external identifiers: scopus:85068841183
ISSN: 0167-4048
DOI: 10.1016/j.cose.2019.06.012
language: English
LU publication?: no
id: 9bf500b8-0341-498d-9928-60626dddd080
date added to LUP: 2025-01-31 14:21:53
date last changed: 2025-02-03 08:25:05
@article{9bf500b8-0341-498d-9928-60626dddd080,
  abstract     = {{Recent advances in artificial intelligence have increased the importance of security issues. Nowadays, deep neural networks (DNNs) are used in many critical applications such as pilot drones and self-driving cars. So, the DNN's malfunction, due to an attack, may cause irreparable damages. The attack may happen either in training phase (poisoning attacks) or testing phase (evasion attacks) by presenting adversarial examples. These samples are maliciously created to deceive DNNs. This paper deals with evasion attacks and aims to immunize DNNs through adversarial examples generation and training. We propose Noise-GAN, a Generative Adversarial Network (GAN) with a multi-class Discriminator for producing a noise that by adding it to the original image adversarial examples can be obtained. In this paper, various types of evasion attacks are considered and performance of the proposed method is evaluated on different victim models under various defensive strategies. Experimental results are based on MNIST and CIFAR10 datasets and the average success rates for different attacks are reported and compared with state-of-the-art methods. The Non-targeted attack success rates on DNNs after training by adversarial examples, generated by Noise-GAN, were declined from 87.7% to 10.41% using MNIST dataset and from 91.2% to 57.66% using CIFAR-10 dataset.}},
  author       = {{Hashemi, Atiye Sadat and Mozaffari, Saeed}},
  issn         = {{0167-4048}},
  language     = {{eng}},
  pages        = {{372--387}},
  publisher    = {{Elsevier}},
  series       = {{Computers and Security}},
  title        = {{Secure deep neural networks using adversarial image generation and training with Noise-GAN}},
  url          = {{http://dx.doi.org/10.1016/j.cose.2019.06.012}},
  doi          = {{10.1016/j.cose.2019.06.012}},
  volume       = {{86}},
  year         = {{2019}},
}