An approach to detecting L0-optimized attacks on image processing neural networks via means of mathematical statistics
Abstract
Artificial intelligence has become widespread in image processing tasks. At the same time, the number of vulnerabilities in systems that implement these technologies is growing (the attack surface is increasing). The main threats to information security can be realized by introducing malicious perturbations into the input data, regardless of its type. To detect such attacks, approaches and methods have been developed that rely, in particular, on an auto-encoder or on analysis of the layers of the target neural network. The disadvantage of existing methods, which significantly reduces the scope of their application, is that they are tied to a dataset or a model architecture. This paper addresses expanding the scope (increasing the scalability) of methods for detecting L0-optimized perturbations introduced by unconventional pixel attacks. An approach is proposed for detecting these attacks through statistical analysis of the input data, regardless of the model and dataset. It is assumed that the perturbation pixels embedded in the image by an L0-optimized attack will be both local and global outliers. Outlier detection is performed using statistical metrics such as deviation from nearest neighbors and Mahalanobis distance. Each pixel's evaluation (anomaly score) is computed as the product of these metrics. A threshold clipping algorithm is used to detect an attack: when a pixel is found whose score exceeds a certain threshold, the image is recognized as distorted. The approach was tested on the CIFAR-10 and MNIST datasets. The developed method demonstrated high accuracy in detecting attacks. On the CIFAR-10 dataset, the detection accuracy was 94.3 % for the one-pixel attack and 98.3 % for the Jacobian-based Saliency Map Attack (JSMA). The proposed approach is also applicable to detecting the modified pixels.
The proposed approach is applicable to detecting one-pixel attacks and JSMA, but can potentially be used for any L0-optimized distortions. The approach is applicable to color and grayscale images regardless of the dataset. It is potentially universal with respect to the architecture of the neural network, since it uses only input data to detect attacks. The approach can also be used to detect images modified by unconventional adversarial attacks in the training sample before the model is trained.
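The scoring scheme described in the abstract can be sketched as follows. This is an added example, not the authors' code: the 8-pixel neighbourhood, the use of the neighbour mean for the local deviation, the per-image covariance for the Mahalanobis distance, the threshold of 1.0, the constructed test image and all function names are assumptions.

```python
import random

def mahalanobis_fn(pixels):
    """Build d(p): Mahalanobis distance of an RGB pixel from this image's colour distribution."""
    n = len(pixels)
    mu = [sum(p[k] for p in pixels) / n for k in range(3)]
    # Covariance of all pixels, with a small ridge so flat images stay invertible.
    (a, b, c), (d, e, f), (g, h, i) = [
        [sum((p[r] - mu[r]) * (p[s] - mu[s]) for p in pixels) / n + (1e-6 if r == s else 0.0)
         for s in range(3)] for r in range(3)]
    det = a * (e * i - f * h) - b * (d * i - f * g) + c * (d * h - e * g)
    inv = [[(e * i - f * h) / det, (c * h - b * i) / det, (b * f - c * e) / det],
           [(f * g - d * i) / det, (a * i - c * g) / det, (c * d - a * f) / det],
           [(d * h - e * g) / det, (b * g - a * h) / det, (a * e - b * d) / det]]
    def dist(p):
        v = [p[k] - mu[k] for k in range(3)]
        return max(0.0, sum(v[r] * inv[r][s] * v[s] for r in range(3) for s in range(3))) ** 0.5
    return dist

def local_deviation(img, x, y):
    """Local outlier metric: distance between a pixel and the mean of its (up to 8) neighbours."""
    h, w = len(img), len(img[0])
    nb = [img[j][i] for j in range(max(0, y - 1), min(h, y + 2))
          for i in range(max(0, x - 1), min(w, x + 2)) if (i, j) != (x, y)]
    return sum((img[y][x][k] - sum(q[k] for q in nb) / len(nb)) ** 2 for k in range(3)) ** 0.5

def detect(img, threshold=1.0):
    """Return (flagged, max_score, (x, y)); score = local deviation * Mahalanobis distance."""
    dist = mahalanobis_fn([p for row in img for p in row])
    score, pos = max((local_deviation(img, x, y) * dist(img[y][x]), (x, y))
                     for y in range(len(img)) for x in range(len(img[0])))
    return score > threshold, score, pos

def sample_image(seed=0, size=16):
    """Constructed test image: smooth colour gradient plus small noise, values in [0, 1]."""
    rng = random.Random(seed)
    noise = lambda: rng.uniform(-0.02, 0.02)
    return [[(0.3 + 0.02 * x + noise(), 0.4 + 0.02 * y + noise(), 0.5 + noise())
             for x in range(size)] for y in range(size)]

clean = sample_image()
attacked = [row[:] for row in clean]
attacked[8][8] = (1.0, 0.0, 0.0)  # constructed single-pixel (L0) perturbation

if __name__ == "__main__":
    print("clean:", detect(clean))
    print("attacked:", detect(attacked))
```

Because the score is a product, a pixel is flagged only when it is unusual both relative to its neighbours and relative to the image as a whole; the threshold here is tuned to the constructed image and would need calibration on real data.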