Anomaly-Detection Defense Against Test-Time Evasion Attacks on Robust DNNs

Ye Tao, Zhen Xiang, David J. Miller, George Kesidis

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

Deep Neural Networks (DNNs) are now commonly used for the monitoring and control of critical infrastructure, particularly to address classification, recognition, authentication, and detection problems. DNNs support the cooperation between sensing and high-dimensional analysis using the Dynamic Data-Driven Applications Systems (DDDAS) framework. However, such DNNs, and particularly those planned for tactical settings, may themselves be targeted by enemy action. A class of potent “test-time evasion” (TTE) attacks has been developed to subvert DNNs. To address TTE attacks, methods of robust training have been proposed. This chapter provides a review of TTE defense methods and shows how robust classification forces the attacker to create TTEs with larger perturbations (but at the cost of decreased classification accuracy on clean data samples, due to the induced change in the training distribution). This chapter further investigates a defense capability, Anomaly Detection against Attacks (ADA), based on the combined use of a robust classifier and an anomaly detector. Experimentally, it is shown that, when used with robust classification, the proposed ADA defense significantly reduces the effective attack success rate, that is, the rate of attacks that evade detection. Finally, this chapter discusses the general issue of effective attack success for TTEs with increasing attack strength.

Original language: English (US)
Title of host publication: Handbook of Dynamic Data Driven Applications Systems
Subtitle of host publication: Volume 2
Publisher: Springer International Publishing
Pages: 795-805
Number of pages: 11
Volume: 2
ISBN (Electronic): 9783031279867
ISBN (Print): 9783031279850
DOIs
State: Published - Jan 1 2023

All Science Journal Classification (ASJC) codes

  • General Computer Science
  • General Mathematics
  • General Social Sciences
  • General Engineering
