Adversarial Attacks and Defenses in Capsule Networks: A Critical Review of Robustness Challenges and Mitigation Strategies

  • Conference paper
Advanced Computing Techniques in Engineering and Technology (ACTET 2023)

Abstract

Capsule Networks (CapsNets) have gained significant attention in recent years due to their potential for improved representation learning and robustness. However, their vulnerability to adversarial attacks poses challenges for their deployment in safety-critical applications. This paper provides a critical review of the robustness challenges faced by CapsNets and explores various mitigation strategies proposed in the literature. The review includes an analysis of the adversarial attacks targeting CapsNets, such as manipulating primary capsule votes and direct targeting of CapsNets’ votes. The computational cost of applying existing attack methods designed for Convolutional Neural Networks (CNNs) to CapsNets is also examined. To enhance the robustness of CapsNets, the incorporation of detection-aware attacks and innovative defense mechanisms is discussed. The effectiveness and efficiency of these defense strategies are evaluated through extensive experiments. The findings reveal the superiority of certain defense mechanisms in mitigating adversarial attacks on CapsNets. However, it is acknowledged that further research is needed to explore more robust attacks and approvals and to compare the robustness of CapsNets with CNNs. This critical review aims to provide insights into the current state of adversarial attacks and defenses in Capsule Networks, facilitating future research and development in this field.

Author information

Corresponding author

Correspondence to Milind Shah.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Shah, M., Gandhi, K., Joshi, S., Nagar, M.D., Patel, V., Patel, Y. (2024). Adversarial Attacks and Defenses in Capsule Networks: A Critical Review of Robustness Challenges and Mitigation Strategies. In: Bansal, R.C., Favorskaya, M.N., Siddiqui, S.A., Jain, P., Tandon, A. (eds) Advanced Computing Techniques in Engineering and Technology. ACTET 2023. Communications in Computer and Information Science, vol 2000. Springer, Cham. https://doi.org/10.1007/978-3-031-54162-9_2

  • DOI: https://doi.org/10.1007/978-3-031-54162-9_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-54161-2

  • Online ISBN: 978-3-031-54162-9

  • eBook Packages: Computer Science (R0)
