Integration of statistical detector and Gaussian noise injection detector for adversarial example detection in deep neural networks

2019 ◽  
Vol 78 (14) ◽  
pp. 20409-20429 ◽  
Author(s):  
Weiqi Fan ◽  
Guangling Sun ◽  
Yuying Su ◽  
Zhi Liu ◽  
Xiaofeng Lu
Keyword(s):  
Neural Networks ◽  
Gaussian Noise ◽  
Deep Neural Networks ◽  
Noise Injection ◽  
Adversarial Example

scholarly journals Heterogeneous Gaussian Mechanism: Preserving Differential Privacy in Deep Learning with Provable Robustness

2019 ◽  
Author(s):  
NhatHai Phan ◽  
Minh N. Vu ◽  
Yang Liu ◽  
Ruoming Jin ◽  
Dejing Dou ◽  
...  
Keyword(s):  
Neural Networks ◽  
Deep Learning ◽  
Theoretical Analysis ◽  
Gaussian Noise ◽  
Deep Neural Networks ◽  
Differential Privacy ◽  
Trade Off ◽  
Adversarial Examples ◽  
Hidden Layer ◽  
Privacy Budget

In this paper, we propose a novel Heterogeneous Gaussian Mechanism (HGM) to preserve differential privacy in deep neural networks, with provable robustness against adversarial examples. We first relax the constraint of the privacy budget in the traditional Gaussian Mechanism from (0, 1] to (0, infty), with a new bound of the noise scale to preserve differential privacy. The noise in our mechanism can be arbitrarily redistributed, offering a distinctive ability to address the trade-off between model utility and privacy loss. To derive provable robustness, our HGM is applied to inject Gaussian noise into the first hidden layer. Then, a tighter robustness bound is proposed. Theoretical analysis and thorough evaluations show that our mechanism notably improves the robustness of differentially private deep neural networks, compared with baseline approaches, under a variety of model attacks.

scholarly journals Hardening Deep Neural Networks in Condition Monitoring Systems against Adversarial Example Attacks

2020 ◽  
pp. 103-111
Author(s):  
Felix Specht ◽  
Jens Otto
Keyword(s):  
Neural Network ◽  
Neural Networks ◽  
Condition Monitoring ◽  
Deep Neural Network ◽  
Deep Neural Networks ◽  
Production Systems ◽  
Monitoring Systems ◽  
Condition Monitoring Systems ◽  
Adversarial Examples ◽  
Adversarial Example

AbstractCondition monitoring systems based on deep neural networks are used for system failure detection in cyber-physical production systems. However, deep neural networks are vulnerable to attacks with adversarial examples. Adversarial examples are manipulated inputs, e.g. sensor signals, are able to mislead a deep neural network into misclassification. A consequence of such an attack may be the manipulation of the physical production process of a cyber-physical production system without being recognized by the condition monitoring system. This can result in a serious threat for production systems and employees. This work introduces an approach named CyberProtect to prevent misclassification caused by adversarial example attacks. The approach generates adversarial examples for retraining a deep neural network which results in a hardened variant of the deep neural network. The hardened deep neural network sustains a significant better classification rate (82% compared to 20%) while under attack with adversarial examples, as shown by empirical results.

Detecting adversarial example attacks to deep neural networks

2017 ◽  
Author(s):  
Fabio Carrara ◽  
Fabrizio Falchi ◽  
Roberto Caldelli ◽  
Giuseppe Amato ◽  
Roberta Fumarola ◽  
...  
Keyword(s):  
Neural Networks ◽  
Deep Neural Networks ◽  
Adversarial Example
Sign in / Sign up

Export Citation Format

Share Document