Detecting and Correcting Adversarial Images Using Image Processing Operations and Convolutional Neural Networks
Deep neural networks (DNNs) have achieved excellent performance on several tasks and have been widely applied in both academia and industry. However, DNNs are vulnerable to adversarial machine learning attacks, in which noise is added to the input to change the network output. We have devised two methods for detecting adversarial images: one based on statistical image processing and one based on a convolutional neural network in which the final softmax layer is removed during training. In addition to detection, the image-processing-based method can be used to reduce adversarial noise in images and thereby restore the image labels, which is crucial to restoring the normal functionality of DNN-based systems. Testing on an adversarial machine learning database that we created by generating several types of attack on images from the ImageNet Large Scale Visual Recognition Challenge database demonstrated the efficiency of our proposed methods for both detection and correction, even when training was done from scratch on a small database.
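The abstract describes the image-processing-based method only in outline: a statistic computed from image processing operations flags adversarial inputs, and the same operations reduce the adversarial noise. The following is an added illustration, not code from the paper, of that general idea. It assumes a median filter as the image processing operation and uses the energy of the filtering residual as the detection statistic; the clean image, the perturbation and the threshold are all constructed for the example, and the paper's actual operations, features and thresholds are not on this page.

```python
import random
from typing import List

Image = List[List[int]]  # grayscale, row-major, pixel values 0..255


def make_clean_image(h: int = 16, w: int = 16) -> Image:
    """Constructed sample: a smooth diagonal ramp. Low-frequency content
    like this passes through a median filter almost unchanged."""
    return [[min(255, 4 * (i + j)) for j in range(w)] for i in range(h)]


def add_noise(img: Image, eps: int = 30, seed: int = 7) -> Image:
    """Constructed stand-in for an adversarial perturbation: dense,
    bounded (|delta| <= eps) high-frequency noise. Real attacks are
    optimised against a model; here the noise only has the statistical
    property the detector keys on."""
    rng = random.Random(seed)
    return [[max(0, min(255, p + rng.randint(-eps, eps))) for p in row] for row in img]


def median_filter(img: Image, k: int = 3) -> Image:
    """k x k median filter with edge replication (assumed operation)."""
    h, w = len(img), len(img[0])
    r = k // 2
    out: Image = []
    for i in range(h):
        row = []
        for j in range(w):
            window = [
                img[min(max(i + di, 0), h - 1)][min(max(j + dj, 0), w - 1)]
                for di in range(-r, r + 1)
                for dj in range(-r, r + 1)
            ]
            window.sort()
            row.append(window[len(window) // 2])
        out.append(row)
    return out


def mse(a: Image, b: Image) -> float:
    """Mean squared difference between two images of equal size."""
    n = len(a) * len(a[0])
    return sum((x - y) ** 2 for ra, rb in zip(a, b) for x, y in zip(ra, rb)) / n


def residual_energy(img: Image) -> float:
    """Detection statistic: how much the image changes under median
    filtering. Smooth natural content barely changes; dense bounded
    noise is largely removed, so the residual is large."""
    return mse(img, median_filter(img))


def is_adversarial(img: Image, threshold: float = 30.0) -> bool:
    """Flag an image whose filtering residual exceeds a threshold.
    The threshold is an assumption for this sample; in practice it is
    calibrated on clean images from the deployment distribution."""
    return residual_energy(img) > threshold


def correct(img: Image) -> Image:
    """Correction step: the same filter that exposes the noise also
    suppresses it, moving the image back toward its clean version."""
    return median_filter(img)


if __name__ == "__main__":
    clean = make_clean_image()
    noisy = add_noise(clean)
    print("clean residual  :", round(residual_energy(clean), 2), is_adversarial(clean))
    print("noisy residual  :", round(residual_energy(noisy), 2), is_adversarial(noisy))
    print("MSE to clean, before/after correction:",
          round(mse(noisy, clean), 2), round(mse(correct(noisy), clean), 2))
```

The residual statistic stands in for the paper's statistical features, and the MSE to the clean image stands in for checking that a classifier's label is restored; neither the feature set nor the classifier from the paper is reproduced here.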