Friend-Safe Adversarial Examples in an Evasion Attack on a Deep Neural Network

  • Hyun Kwon
  • Hyunsoo Yoon
  • Daeseon Choi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10779)

Abstract

Deep neural networks (DNNs) perform effectively in machine learning tasks such as image recognition, intrusion detection, and pattern analysis. Recently proposed adversarial examples, slightly modified inputs that cause incorrect classification, are a severe threat to the security of DNNs. In some situations, however, adversarial examples can be useful, for example to deceive an enemy classifier on a battlefield; in that case, friendly classifiers should not be deceived. In this paper, we propose friend-safe adversarial examples, meaning that friendly machines classify the adversarial example correctly while the enemy classifier is fooled. To generate such examples, the input is transformed so as to jointly minimize the friend's misclassification and the adversary's correct classification. We present two configurations of the scheme: targeted and untargeted class attacks. In experiments on the MNIST dataset, the proposed method achieves a 100% attack success rate and 100% friendly accuracy with little distortion (2.18 and 1.53 for the targeted and untargeted configurations, respectively). Finally, we propose a mixed battlefield application and a new covert channel scheme.
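The generation procedure described above can be read as an optimization over a small perturbation: distortion is kept low while the friend classifier's loss on the true label and the enemy classifier's loss toward an incorrect (or chosen target) label are minimized together. The following is a minimal illustrative sketch of that idea in PyTorch; the model handles (friend_model, enemy_model), the weighting constant c, the optimizer settings, and the exact loss terms are assumptions for illustration, not the paper's precise formulation.

    # Hypothetical sketch of friend-safe adversarial example generation.
    # Assumes two pretrained, differentiable classifiers (friend_model,
    # enemy_model), an input batch x in [0, 1], and integer labels y_true.
    import torch
    import torch.nn.functional as F

    def friend_safe_example(x, y_true, friend_model, enemy_model,
                            y_target=None, steps=1000, lr=0.01, c=1.0):
        """Return a perturbed x that the friend still classifies as y_true
        while the enemy is misled (targeted if y_target is given)."""
        delta = torch.zeros_like(x, requires_grad=True)
        opt = torch.optim.Adam([delta], lr=lr)
        for _ in range(steps):
            x_adv = torch.clamp(x + delta, 0.0, 1.0)
            distortion = torch.norm(delta)                       # keep the perturbation small
            friend_loss = F.cross_entropy(friend_model(x_adv),   # friend must stay correct
                                          y_true)
            enemy_logits = enemy_model(x_adv)
            if y_target is not None:                             # targeted configuration
                enemy_loss = F.cross_entropy(enemy_logits, y_target)
            else:                                                # untargeted configuration
                enemy_loss = -F.cross_entropy(enemy_logits, y_true)
            loss = distortion + c * (friend_loss + enemy_loss)
            opt.zero_grad()
            loss.backward()
            opt.step()
        return torch.clamp(x + delta, 0.0, 1.0).detach()

The two branches mirror the paper's two configurations: passing y_target yields a targeted class attack on the enemy classifier, while omitting it yields an untargeted attack that merely drives the enemy away from the true class.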

Keywords

Adversarial example · Covert channel · Deep neural network · Evasion attack

Notes

Acknowledgment

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2017-0-00380, Development of next generation user authentication and No. 2016-0-00173, Security Technologies for Financial Fraud Prevention on Fintech).

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Korea Advanced Institute of Science and Technology (KAIST), Daejeon, South Korea
  2. Kongju National University, Gongju-si, South Korea