Paper published in a book (Scientific congresses, symposiums and conference proceedings)
Creating High-Resolution Adversarial Images Against Convolutional Neural Networks with the Noise Blowing-Up Method
LEPREVOST, Franck; TOPAL, Ali Osman; MANCELLARI, Enea
2023 • In Nguyen, Ngoc Thanh; Hnatkowska, Bogumiła (Eds.) Intelligent Information and Database Systems - 15th Asian Conference, ACIIDS 2023, Proceedings
Convolutional Neural Networks (CNNs) are widely used for image recognition tasks but are vulnerable to attacks. Most existing attacks create adversarial images of a size equal to the CNN’s input size, mainly because creating adversarial images in the high-resolution domain leads to substantial speed, adversity, and visual quality challenges. In a previous work, we developed a method that lifts any existing attack working efficiently in the CNN’s input size domain to the high-resolution domain. This method successfully addressed the first two challenges but only partially addressed the third one. The present article provides a crucial refinement of this strategy that, while keeping all its other features, substantially increases the visual quality of the obtained high-resolution adversarial images. The refinement amounts to a blowing-up to the high-resolution domain of the adversarial noise created in the low-resolution domain. Adding this blown-up noise to the clean original high-resolution image leads to an almost indistinguishable high-resolution adversarial image. The noise blowing-up strategy is successfully tested on an evolutionary-based black-box targeted attack against VGG-16 trained on ImageNet, with 10 high-resolution clean images.
Disciplines :
Computer science
Author, co-author :
LEPREVOST, Franck ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
TOPAL, Ali Osman ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
MANCELLARI, Enea ; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
External co-authors :
no
Language :
English
Title :
Creating High-Resolution Adversarial Images Against Convolutional Neural Networks with the Noise Blowing-Up Method
Publication date :
2023
Event name :
ACIIDS 2023
Event place :
Phuket, Thailand
Event date :
24-07-2023 to 26-07-2023
Audience :
International
Main work title :
Intelligent Information and Database Systems - 15th Asian Conference, ACIIDS 2023, Proceedings
Editor :
Nguyen, Ngoc Thanh
Hnatkowska, Bogumiła
Publisher :
Springer Science and Business Media Deutschland GmbH