Affiliations:
1. School of Cyber Engineering, Xidian University, Xi’an 710126, China
2. Department of Information Engineering and Mathematics, University of Siena, Siena 53100, Italy
Abstract
The existence of adversarial examples and the ease with which they can be generated raise several security concerns about deep learning systems, pushing researchers to develop suitable defence mechanisms. The use of networks adopting error-correcting output codes (ECOC) has recently been proposed to counter the creation of adversarial examples in a white-box setting. In this paper, we carry out an in-depth investigation of the adversarial robustness achieved by the ECOC approach. We do so by proposing a new adversarial attack specifically designed for multilabel classification architectures, like the ECOC-based one, and by applying two existing attacks. In contrast to previous findings, our analysis reveals that ECOC-based networks can be attacked quite easily by introducing a small adversarial perturbation. Moreover, the adversarial examples can be generated in such a way as to achieve high probabilities for the predicted target class, making it difficult to use the prediction confidence to detect them. Our findings are supported by experimental results obtained on the MNIST, CIFAR-10 and GTSRB classification tasks.
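The abstract relies on two mechanics it does not spell out: how an ECOC network turns a vector of bit predictions into a class (nearest-codeword decoding, whose Hamming margin is what the defence counts on) and why an adversarial example that lands on the target codeword also receives a high class probability. The following is an added illustration written for this page, not code from the paper or from the ECOC defence it studies. Everything in it is constructed: the 4-class, 6-bit codebook, the toy output layer f(x) = tanh(Wx + b) with a diagonal W, the assumed confidence rule (softmax over the inner products with the codewords), and the attack objective, which treats each output bit as its own binary label and runs targeted L_inf PGD on the summed per-bit squared error. That objective is in the spirit of the abstract's "multilabel" framing but is not the attack proposed in the paper.

```python
import numpy as np

# Constructed 4-class ECOC codebook: 6 bits per codeword, pairwise Hamming
# distance 4, so nearest-codeword decoding corrects one wrong bit.
# Example data, not the codebook used by the paper.
CODEWORDS = np.array([
    [ 1,  1,  1,  1,  1,  1],
    [ 1,  1, -1, -1, -1, -1],
    [-1, -1,  1,  1, -1, -1],
    [-1, -1, -1, -1,  1,  1],
], dtype=float)


def hamming(a, b):
    """Number of positions where the signs of two bit vectors differ."""
    return int(np.sum(np.sign(a) != np.sign(b)))


def decode(bit_activations):
    """Nearest-codeword decoding: the class whose codeword is closest (in
    Hamming distance) to the signs of the predicted bits."""
    dists = [hamming(bit_activations, c) for c in CODEWORDS]
    return int(np.argmin(dists))


def min_flips_to_retarget(src, dst):
    """Bits an attacker must flip so the input decodes strictly closer to
    `dst` than to `src`: the error-correcting margin the defence relies on."""
    d = hamming(CODEWORDS[src], CODEWORDS[dst])
    return d // 2 + 1


def class_probabilities(bit_activations, temperature=1.0):
    """Assumed confidence rule (not taken from the paper): softmax over the
    inner products between the tanh bit activations and each codeword."""
    scores = CODEWORDS @ bit_activations / temperature
    scores = scores - scores.max()          # numerical stability
    p = np.exp(scores)
    return p / p.sum()


# Toy differentiable bit predictor standing in for the network's output
# layer: f(x) = tanh(W x + b). W and b are constructed, not learned.
W = 2.0 * np.eye(6)
B = np.zeros(6)


def predict_bits(x):
    return np.tanh(W @ x + B)


def pgd_attack(x0, target, eps=0.5, alpha=0.1, steps=10):
    """Targeted L_inf PGD on the per-bit squared error against the target
    codeword: every output bit is treated as its own binary label (assumed
    objective, chosen for this illustration)."""
    t = CODEWORDS[target]
    x = x0.copy()
    for _ in range(steps):
        f = predict_bits(x)
        # d/dx of sum_j (f_j - t_j)^2 with f = tanh(W x + b)
        grad = W.T @ (2.0 * (f - t) * (1.0 - f ** 2))
        x = x - alpha * np.sign(grad)        # signed step toward the target bits
        x = np.clip(x, x0 - eps, x0 + eps)   # stay inside the L_inf ball
    return x


def demo():
    x_clean = 0.3 * CODEWORDS[0]   # constructed clean input; decodes to class 0
    target = 3
    x_adv = pgd_attack(x_clean, target)
    f_adv = predict_bits(x_adv)
    return {
        "clean_class": decode(predict_bits(x_clean)),
        "bits_needed": min_flips_to_retarget(0, target),
        "adv_class": decode(f_adv),
        "adv_confidence": float(class_probabilities(f_adv)[target]),
        "linf": float(np.max(np.abs(x_adv - x_clean))),
    }


if __name__ == "__main__":
    print(demo())
```

With these constructed values the clean input decodes to class 0, the attacker has to flip three of the six bits to reach class 3, and the L_inf-bounded PGD run does exactly that: the adversarial bit vector matches the target codeword sign for sign, so the softmax confidence assigned to the target class is above 0.9. This is the situation the abstract describes: the decoding margin alone does not stop a targeted per-bit attack, and the resulting prediction looks confident rather than borderline, so thresholding on confidence is a weak detector.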
Funder
China Scholarship Council
Subject
Computer Networks and Communications, Information Systems
Cited by: 5 articles.