Abstract
Deep Neural Networks (DNNs) are now commonly used for the monitoring and control of critical infrastructure, particularly to address classification, recognition, authentication, and detection problems. DNNs support the cooperation between sensing and high-dimensional analysis using the Dynamic Data-Driven Applications Systems (DDDAS) framework. However, such DNNs, and particularly those planned for tactical settings, may themselves be targeted by enemy action. A class of potent "test-time evasion" (TTE) attacks has been developed to subvert DNNs. To address TTE attacks, methods of robust training have been proposed. This chapter provides a review of TTE defense methods and shows how robust classification forces the attacker to create TTEs with larger perturbations (but at the cost of decreased classification accuracy on clean data samples, due to the induced change in the training distribution). This chapter further investigates a defense capability, Anomaly Detection against Attacks (ADA), based on the combined use of a robust classifier and an anomaly detector. Experimentally it is shown how, when used with robust classification, the proposed ADA defense significantly reduces the effective attack success rate, that is, the rate of attacks that both cause a misclassification and evade detection. Finally, this chapter discusses the general issue of effective attack success for TTEs with increasing attack strength.
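The "effective attack success rate" used above counts only perturbed inputs that are both misclassified and not flagged by the anomaly detector. The following is an added toy example, not code from the chapter or its ADA implementation, that makes the metric concrete and shows why attack strength matters to it: two classes of constructed 2-D points around fixed centroids, a nearest-centroid classifier standing in for the DNN, a distance-to-nearest-centroid anomaly detector with its threshold calibrated on the clean data, and a TTE attack that pushes each sample a distance `eps` toward the opposing centroid. The data, the detector, the attack and all function names (`clean_data`, `classify`, `anomaly_score`, `calibrate_threshold`, `attack`, `evaluate`, `sweep`) are assumptions made for this illustration.

```python
"""Toy illustration of the effective attack success rate (misclassified AND undetected).

Constructed example, not from the chapter: the data, the nearest-centroid
classifier, the distance-based anomaly detector and the attack are all
assumptions chosen to make the metric concrete, not the chapter's ADA design.
"""
import math

# Assumed class centroids and a 3x3 grid of clean offsets around each one.
CENTROIDS = {0: (-2.0, 0.0), 1: (2.0, 0.0)}
OFFSETS = (-0.5, 0.0, 0.5)


def clean_data():
    """Constructed clean set: a 3x3 grid of points around each class centroid."""
    data = []
    for label, (cx, cy) in CENTROIDS.items():
        for dx in OFFSETS:
            for dy in OFFSETS:
                data.append(((cx + dx, cy + dy), label))
    return data


def dist(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])


def classify(x):
    """Nearest-centroid classifier standing in for the DNN; ties go to class 0."""
    d0 = dist(x, CENTROIDS[0])
    d1 = dist(x, CENTROIDS[1])
    return 1 if d1 < d0 else 0


def anomaly_score(x):
    """Distance to the nearest class centroid: low for in-distribution inputs."""
    return min(dist(x, c) for c in CENTROIDS.values())


def calibrate_threshold(data, slack=1.0):
    """Largest score seen on clean data (times slack), so no clean sample is flagged."""
    return slack * max(anomaly_score(x) for x, _ in data)


def attack(x, label, eps):
    """TTE attack of strength eps: move x along the unit vector toward the other centroid."""
    src, dst = CENTROIDS[label], CENTROIDS[1 - label]
    n = dist(src, dst)
    ux, uy = (dst[0] - src[0]) / n, (dst[1] - src[1]) / n
    return (x[0] + eps * ux, x[1] + eps * uy)


def evaluate(data, eps, threshold):
    """Return (misclassification rate, detection rate, effective attack success rate).

    An attack is *effective* only if the perturbed input is misclassified
    and its anomaly score stays at or below the detector threshold.
    """
    n = len(data)
    miscls = detected = effective = 0
    for x, label in data:
        xa = attack(x, label, eps)
        flipped = classify(xa) != label
        flagged = anomaly_score(xa) > threshold
        miscls += flipped
        detected += flagged
        effective += flipped and not flagged
    return miscls / n, detected / n, effective / n


def sweep(eps_values):
    """Evaluate the three rates for each attack strength in eps_values."""
    data = clean_data()
    thr = calibrate_threshold(data)
    return {eps: evaluate(data, eps, thr) for eps in eps_values}


if __name__ == "__main__":
    for eps, (m, d, e) in sweep([0.0, 1.0, 2.0, 3.0, 4.0]).items():
        print(f"eps={eps:.1f}  misclassified={m:.2f}  detected={d:.2f}  effective={e:.2f}")
```

In this toy, an attack of strength 2.0 flips half the labels but every perturbed point lands between the clusters and is flagged, so the effective success rate is zero even though the raw misclassification rate is 0.5; at strength 4.0 the attacker lands inside the target class's clean distribution, the distance detector sees nothing anomalous, and the effective success rate is 1.0. That gap between raw and effective success, and its non-monotonic dependence on attack strength, is the quantity the abstract's final sentence refers to.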
Original language | English (US) |
---|---|
Title of host publication | Handbook of Dynamic Data Driven Applications Systems |
Subtitle of host publication | Volume 2 |
Publisher | Springer International Publishing |
Pages | 795-805 |
Number of pages | 11 |
Volume | 2 |
ISBN (Electronic) | 9783031279867 |
ISBN (Print) | 9783031279850 |
DOIs | |
State | Published - Jan 1 2023 |
All Science Journal Classification (ASJC) codes
- General Computer Science
- General Mathematics
- General Social Sciences
- General Engineering