TENET: a new hybrid network architecture for adversarial defense
Citation
Tuna, Ö. F., Çatak, F. Ö. & Eskil, M. T. (2023). TENET: a new hybrid network architecture for adversarial defense. International Journal of Information Security, 22(4), 987-1004. doi:10.1007/s10207-023-00675-1
Abstract
Deep neural network (DNN) models are widely renowned for their resistance to random perturbations. However, researchers have found that these models are in fact extremely vulnerable to deliberately crafted and seemingly imperceptible perturbations of the input, referred to as adversarial examples. Adversarial attacks have the potential to substantially compromise the security of DNN-powered systems and pose high risks, especially in areas where security is a top priority. Numerous studies have been conducted in recent years to defend against these attacks and to develop more robust architectures resistant to adversarial threats. In this study, we propose a new architecture and enhance a recently proposed technique by which we can restore adversarial samples back to their original class manifold. We leverage several uncertainty metrics obtained from Monte Carlo dropout (MC Dropout) estimates of the model together with the model’s own loss function and combine them with the defensive distillation technique to defend against these attacks. We have experimentally evaluated and verified the efficacy of our approach on the MNIST (Digit), MNIST (Fashion) and CIFAR10 datasets. In our experiments, we showed that our proposed method reduces the attack’s success rate to lower than 5% without compromising clean accuracy.
Source
International Journal of Information Security
Volume
22
Issue
4