Keywords :
black-box attack; convolutional neural network; evolutionary algorithm; high-resolution adversarial image; noise blowing-up; Materials Science (all); Instrumentation; Engineering (all); Process Chemistry and Technology; Computer Science Applications; Fluid Flow and Transfer Processes
Abstract :
Convolutional neural networks (CNNs) are powerful tools for computer vision tasks and are widely used in daily life. However, they are susceptible to adversarial attacks. Such attacks can nevertheless be beneficial for at least two reasons. Firstly, revealing the vulnerabilities of CNNs prompts efforts to enhance their robustness. Secondly, adversarial images can also be employed to protect privacy-sensitive information from CNN-based threat models that aim to extract such data from images. For such applications, the construction of high-resolution adversarial images is mandatory in practice. This paper first quantifies the speed, adversity, and visual quality challenges involved in the effective construction of high-resolution adversarial images; second, it provides the operational design of a new strategy, called here the noise blowing-up strategy, which works for any attack, any scenario, any CNN, and any clean image; third, it validates the strategy through an extensive series of experiments. We performed experiments with 100 high-resolution clean images, exposing them to seven different attacks against 10 CNNs. Our method achieved an overall average success rate of 75% in the targeted scenario and 64% in the untargeted scenario. We revisited the failed cases: a slight modification of our method led to success rates larger than 98.9%. As of today, the noise blowing-up strategy is the first generic approach that successfully solves all three challenges (speed, adversity, and visual quality), and therefore effectively constructs high-resolution adversarial images that meet high-quality requirements.
Precision for document type :
Review article
Disciplines :
Computer science
Author, co-author :
TOPAL, Ali Osman ✱; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
MANCELLARI, Enea ✱; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
LEPREVOST, Franck ✱; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
AVDUSINOVIC, Elmir ✱; University of Luxembourg > Faculty of Science, Technology and Medicine (FSTM) > Department of Computer Science (DCS)
GILLET, Thomas ✱; University of Luxembourg > Faculty of Humanities, Education and Social Sciences > Department of Behavioural and Cognitive Sciences > Team Marian VAN DER MEULEN
✱ These authors have contributed equally to this work.
External co-authors :
no
Language :
English
Title :
The Noise Blowing-Up Strategy Creates High Quality High Resolution Adversarial Images against Convolutional Neural Networks
Publication date :
April 2024
Journal title :
Applied sciences (Basel, Switzerland)
ISSN :
2076-3417
eISSN :
2076-3417
Publisher :
Multidisciplinary Digital Publishing Institute (MDPI)
Special issue title :
Adversarial Attacks and Cyber Security: Trends and Challenges