Fired neuron rate based decision tree for detection of adversarial examples in DNNs

Fired neuron rate based decision tree for detection of adversarial examples in DNNs

Deep neural network (DNN) is a prevalent machine learning solution to computer vision problems. The most criticized vulnerability of deep learning is its susceptibility towards adversarial images crafted by maliciously adding infinitesimal distortions to the benign inputs. Such negatives can fool a...

Full description

Saved in:
Bibliographic Details
Main Authors: Wang, Si, Liu, Wenye, Chang, Chip-Hong
Other Authors: School of Electrical and Electronic Engineering
Format: Conference or Workshop Item
Language:English
Published: 2020
Subjects:
Engineering::Electrical and electronic engineering::Computer hardware, software and systems
Deep Learning Security
Adversarial Attack
Online Access:https://hdl.handle.net/10356/144346
https://doi.org/10.21979/N9/YPY0EB
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-144346
record_format dspace
spelling sg-ntu-dr.10356-1443462021-03-01T07:59:32Z Fired neuron rate based decision tree for detection of adversarial examples in DNNs Wang, Si Liu, Wenye Chang, Chip-Hong School of Electrical and Electronic Engineering 2020 IEEE International Symposium on Circuits and Systems (ISCAS) VIRTUS, IC Design Centre of Excellence Engineering::Electrical and electronic engineering::Computer hardware, software and systems Deep Learning Security Adversarial Attack Deep neural network (DNN) is a prevalent machine learning solution to computer vision problems. The most criticized vulnerability of deep learning is its susceptibility towards adversarial images crafted by maliciously adding infinitesimal distortions to the benign inputs. Such negatives can fool a classifier. Existing countermeasures against these adversarial attacks are mainly developed based on software model of DNNs by using modified training during learning or modified input during testing, modifying networks or changing loss/activation functions, or relying on add-on models for classifying unseen examples. These approaches do not consider the optimization for hardware implementation of the learning models. In this paper, a new thresholding method is proposed based on comparators integrated into the most discriminative layers of the DNN determined by their layer-wise fired neuron rates between adversarial and normal inputs. Effectiveness of the method is validated on the ImageNet dataset with 8-bit truncated models for the state-of-the-art DNN architectures. A high detection rate of up to 98% with only 4.5% of false positive rate is achieved. The results show a significant improvement on both detection rate and false positive rate compared with previous countermeasures against the most practical non-invasive universal perturbation attack on deep learning based AI chip. National Research Foundation (NRF) Accepted version This research is supported by the National Research Foundation, Singapore, under its National Cybersecurity Research & Development Programme / Cyber-Hardware Forensic & Assurance Evaluation R&D Programme (Award: CHFA-GC1-AW01). 2020-10-29T06:33:02Z 2020-10-29T06:33:02Z 2020 Conference Paper Wang, S., Liu, W., & Chang, C.-H. (2020). Fired neuron rate based decision tree for detection of adversarial examples in DNNs. Proceedings of the 2020 IEEE International Symposium on Circuits and Systems (ISCAS). doi:10.1109/ISCAS45731.2020.9180476 https://hdl.handle.net/10356/144346 10.1109/ISCAS45731.2020.9180476 en CHFA-GC1-AW01 https://doi.org/10.21979/N9/YPY0EB © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/ISCAS45731.2020.9180476 application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Electrical and electronic engineering::Computer hardware, software and systems
Deep Learning Security
Adversarial Attack
spellingShingle Engineering::Electrical and electronic engineering::Computer hardware, software and systems
Deep Learning Security
Adversarial Attack
Wang, Si
Liu, Wenye
Chang, Chip-Hong
Fired neuron rate based decision tree for detection of adversarial examples in DNNs
description Deep neural network (DNN) is a prevalent machine learning solution to computer vision problems. The most criticized vulnerability of deep learning is its susceptibility towards adversarial images crafted by maliciously adding infinitesimal distortions to the benign inputs. Such negatives can fool a classifier. Existing countermeasures against these adversarial attacks are mainly developed based on software model of DNNs by using modified training during learning or modified input during testing, modifying networks or changing loss/activation functions, or relying on add-on models for classifying unseen examples. These approaches do not consider the optimization for hardware implementation of the learning models. In this paper, a new thresholding method is proposed based on comparators integrated into the most discriminative layers of the DNN determined by their layer-wise fired neuron rates between adversarial and normal inputs. Effectiveness of the method is validated on the ImageNet dataset with 8-bit truncated models for the state-of-the-art DNN architectures. A high detection rate of up to 98% with only 4.5% of false positive rate is achieved. The results show a significant improvement on both detection rate and false positive rate compared with previous countermeasures against the most practical non-invasive universal perturbation attack on deep learning based AI chip.
author2 School of Electrical and Electronic Engineering
author_facet School of Electrical and Electronic Engineering
Wang, Si
Liu, Wenye
Chang, Chip-Hong
format Conference or Workshop Item
author Wang, Si
Liu, Wenye
Chang, Chip-Hong
author_sort Wang, Si
title Fired neuron rate based decision tree for detection of adversarial examples in DNNs
title_short Fired neuron rate based decision tree for detection of adversarial examples in DNNs
title_full Fired neuron rate based decision tree for detection of adversarial examples in DNNs
title_fullStr Fired neuron rate based decision tree for detection of adversarial examples in DNNs
title_full_unstemmed Fired neuron rate based decision tree for detection of adversarial examples in DNNs
title_sort fired neuron rate based decision tree for detection of adversarial examples in dnns
publishDate 2020
url https://hdl.handle.net/10356/144346
https://doi.org/10.21979/N9/YPY0EB
_version_ 1695706228087324672

Similar Items