Combining Feature Squeezing and Lottery Tickets for Adversarial Example Detection
Abstract
Neural networks are increasingly used in real-world applications across different knowledge domains (e.g., medicine, agriculture, and security). However, small variations in the input data can cause completely unexpected behavior in the learned model. A technique called feature squeezing aims to identify when test images may cause this phenomenon; combined with a learning strategy called lottery tickets, it proves to be a good solution for making a model more robust to adversarial attacks with low computational cost.
Published
07/11/2020
How to Cite
DA SILVA, Leon Tenório; FARIA, Fabio Augusto. Combinando Feature squeezing e Lottery Tickets para Detecção de Exemplos Adversariais. In: WORKSHOP DE TRABALHOS DA GRADUAÇÃO - CONFERENCE ON GRAPHICS, PATTERNS AND IMAGES (SIBGRAPI), 33., 2020, Online Event. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 207-210. DOI: https://doi.org/10.5753/sibgrapi.est.2020.13013.