Abstract
Capsule Networks (CapsNets) have gained significant attention in recent years due to their potential for improved representation learning and robustness. However, their vulnerability to adversarial attacks poses challenges for their deployment in safety-critical applications. This paper provides a critical review of the robustness challenges faced by CapsNets and explores various mitigation strategies proposed in the literature. The review includes an analysis of the adversarial attacks targeting CapsNets, such as manipulating primary capsule votes and direct targeting of CapsNets’ votes. The computational cost of applying existing attack methods designed for Convolutional Neural Networks (CNNs) to CapsNets is also examined. To enhance the robustness of CapsNets, the incorporation of detection-aware attacks and innovative defense mechanisms is discussed. The effectiveness and efficiency of these defense strategies are evaluated through extensive experiments. The findings reveal the superiority of certain defense mechanisms in mitigating adversarial attacks on CapsNets. However, it is acknowledged that further research is needed to explore more robust attacks and approvals and to compare the robustness of CapsNets with CNNs. This critical review aims to provide insights into the current state of adversarial attacks and defenses in Capsule Networks, facilitating future research and development in this field.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Kurakin, A., et al.: Adversarial attacks and defenses competition, pp. 195–231 (2018). https://doi.org/10.1007/978-3-319-94042-7_11
Qin, Y., Frosst, N., Raffel, C., Cottrell, G., Hinton, G.: Deflecting Adversarial Attacks, no. ICML (2020). http://arxiv.org/abs/2002.07405
Liu, N., Du, M., Guo, R., Liu, H., Hu, X.: Adversarial attacks and defenses: an interpretation perspective (2020). http://arxiv.org/abs/2004.11488
Marchisio, A., Nanfa, G., Khalid, F., Hanif, M.A., Martina, M., Shafique, M.: SeVuc: a study on the security vulnerabilities of capsule networks against adversarial attacks. Microprocess. Microsyst. 96, 104738 (2023). https://doi.org/10.1016/j.micpro.2022.104738
Osuala, R., et al.: Data synthesis and adversarial networks: a review and meta-analysis in cancer imaging. Med. Image Anal. 84, 102704 (2023). https://doi.org/10.1016/j.media.2022.102704
Marchisio, A., Nanfa, G., Khalid, F., Hanif, M.A., Martina, M., Shafique, M.: CapsAttacks: robust and imperceptible adversarial attacks on capsule networks, pp. 1–10 (2019). http://arxiv.org/abs/1901.09878
Shafique, M., et al.: Robust machine learning systems: challenges, current trends, perspectives, and the road ahead. IEEE Des. Test 37(2), 30–57 (2020). https://doi.org/10.1109/MDAT.2020.2971217
Gu, J., Wu, B., Tresp, V.: Effective and efficient vote attack on capsule networks, pp. 1–16 (2021). http://arxiv.org/abs/2102.10055
Wu, B., et al.: Attacking adversarial attacks as a defense (2021). http://arxiv.org/abs/2106.04938
Sharma, A., Bian, Y., Munz, P., Narayan, A.: Adversarial patch attacks and defenses in vision-based tasks: a survey, pp. 1–15 (2022). http://arxiv.org/abs/2206.08304
Jindong, G., Zhao, H., Tresp, V., Torr, P.H.S.: SegPGD: an effective and efficient adversarial attack for evaluating and boosting segmentation robustness. In: Avidan, S., Brostow, G., Cissé, M., Farinella, G.M., Hassner, T. (eds.) Computer Vision – ECCV 2022, Part XXIX, pp. 308–325. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-19818-2_18
Marchisio, A., De Marco, A., Colucci, A., Martina, M., Shafique, M.: RobCaps: evaluating the robustness of capsule networks against affine transformations and adversarial attacks, pp. 1–9 (2023). http://arxiv.org/abs/2304.03973
Rasheed, B., Khan, A., Ahmad, M., Mazzara, M., Kazmi, S.M.A.: Multiple adversarial domains adaptation approach for mitigating adversarial attacks effects. Int. Trans. Electr. Energy Syst. 2022 (2022). https://doi.org/10.1155/2022/2890761
Mao, J., Weng, B., Huang, T., Ye, F., Huang, L.: Research on multimodality face antispoofing model based on adversarial attacks. Secur. Commun. Netw. 2021 (2021). https://doi.org/10.1155/2021/3670339
Hu, L., et al.: Transferable adversarial attacks against automatic modulation classifier in wireless communications. Wirel. Commun. Mob. Comput. 2022 (2022). https://doi.org/10.1155/2022/5472324
Han, X., Zhang, Y., Wang, W., Wang, B.: Text adversarial attacks and defenses: issues, taxonomy, and perspectives. Secur. Commun. Netw. 2022 (2022). https://doi.org/10.1155/2022/6458488
Fu, X., Gu, Z., Han, W., Qian, Y., Wang, B.: Exploring security vulnerabilities of deep learning models by adversarial attacks. Wirel. Commun. Mob. Comput. 2021 (2021). https://doi.org/10.1155/2021/9969867
Yin, H., Zhang, H., Wang, J., Dou, R.: Boosting adversarial attacks on neural networks with better optimizer. Secur. Commun. Networks 1, 2021 (2021). https://doi.org/10.1155/2021/9983309
Puttagunta, M.K., Ravi, S., Nelson Kennedy Babu, C.: Adversarial examples: attacks and defenses on medical deep learning systems. Multimed. Tools Appl. (2023). https://doi.org/10.1007/s11042-023-14702-9
Li, Y., Su, H., Zhu, J.: AdvCapsNet: to defense adversarial attacks based on Capsule networks. J. Vis. Commun. Image Represent. 75, 103037 (2021). https://doi.org/10.1016/j.jvcir.2021.103037
Hahn, T., Pyeon, M., Kim, G.: Self-routing capsule networks. In: Advances in Neural Information Processing Systems, vol. 32, no. NeurIPS (2019)
Marchisio, A., Mrazek, V., Massa, A., Bussolino, B., Martina, M., Shafique, M.: RoHNAS: a neural architecture search framework with conjoint optimization for adversarial robustness and hardware efficiency of convolutional and capsule networks. IEEE Access 10, 109043–109055 (2022). https://doi.org/10.1109/ACCESS.2022.3214312
Lau, C.P., Liu, J., Lin, W.A., Souri, H., Khorramshahi, P., Chellappa, R.: Adversarial attacks and robust defenses in deep learning. Handb. Stat. 48, 29–58 (2023). https://doi.org/10.1016/bs.host.2023.01.001
Austin Short, A.G., Pay, T.L.: Adversarial examples, DLSS, vol. SAND2019-1, pp. 1–6 (2019). https://www.osti.gov/servlets/purl/1569514
Moosavi-Dezfooli, S.M., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: Proceedings - 30th IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017, vol. 2017-January, pp. 86–94 (2017). https://doi.org/10.1109/CVPR.2017.17
Arvidsson, V., Al-Mashahedi, A., Boldt, M.: Evaluation of defense methods against the one-pixel attack on deep neural networks. In: 35th Annual Workshop Swedish Artificial Intelligence Society, SAIS 2023, vol. 199, pp. 49–57 (2023). https://doi.org/10.3384/ecp199005
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shah, M., Gandhi, K., Joshi, S., Nagar, M.D., Patel, V., Patel, Y. (2024). Adversarial Attacks and Defenses in Capsule Networks: A Critical Review of Robustness Challenges and Mitigation Strategies. In: Bansal, R.C., Favorskaya, M.N., Siddiqui, S.A., Jain, P., Tandon, A. (eds) Advanced Computing Techniques in Engineering and Technology. ACTET 2023. Communications in Computer and Information Science, vol 2000. Springer, Cham. https://doi.org/10.1007/978-3-031-54162-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-54162-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54161-2
Online ISBN: 978-3-031-54162-9
eBook Packages: Computer ScienceComputer Science (R0)