Fruit-classification model resilience under adversarial attack

AbstractAn accurate and robust fruit image classifier can have a variety of real-life and industrial applications including automated pricing, intelligent sorting, and information extraction. This paper demonstrates how adversarial training can enhance the robustness of fruit image classifiers. In the past, research in deep-learning-based fruit image classification has focused solely on attaining the highest possible accuracy of the model used in the classification process. However, even the highest accuracy models are still susceptible to adversarial attacks which pose serious problems for such systems in practice. As a robust fruit classifier can only be developed with the aid of a fruit image dataset consisting of fruit images photographed in realistic settings (rather than images taken in controlled laboratory settings), a new dataset of over three thousand fruit images belonging to seven fruit classes is presented. Each image is carefully selected so that its classification poses a significant challenge for the proposed classifiers. Three Convolutional Neural Network (CNN)-based classifiers are suggested: 1) IndusNet, 2) fine-tuned VGG16, and 3) fine-tuned MobileNet. Fine-tuned VGG16 produced the best test set accuracy of 94.82% compared to the 92.32% and the 94.28% produced by the other two models, respectively. Fine-tuned MobileNet has proved to be the most efficient model with a test time of 9 ms/step compared to the test times of 28 ms/step and 29 ms/step for the other two models. The empirical evidence presented demonstrates that adversarial training enables fruit image classifiers to resist attacks crafted through the Fast Gradient Sign Method (FGSM), while simultaneously improving classifiers’ robustness against other noise forms including ‘Gaussian’, ‘Salt and pepper’ and ‘Speckle’. For example, when the amplitude of the perturbations generated through the Fast Gradient Sign Method (FGSM) was kept at 0.1, adversarial training improved the fine-tuned VGG16’s performance on adversarial images by around 18% (i.e., from 76.6% to 94.82%), while simultaneously improving the classifier’s performance on fruit images corrupted with ‘salt and pepper’ noise by around 8% (i.e., from 69.82% to 77.85%). Other reported results also follow this pattern and demonstrate the effectiveness of adversarial training as a means of enhancing the robustness of fruit image classifiers.

Download Full-text

MedicalGuard: U-Net Model Robust against Adversarially Perturbed Images

Security and Communication Networks ◽

10.1155/2021/5595026 ◽

2021 ◽

Vol 2021 ◽

pp. 1-8

Author(s):

Hyun Kwon

Keyword(s):

Neural Networks ◽

Deep Neural Networks ◽

Human Perception ◽

Original Data ◽

Classification Model ◽

Medical Field ◽

Adversarial Examples ◽

Adversarial Training ◽

Fast Gradient ◽

Sign Method

Deep neural networks perform well for image recognition, speech recognition, and pattern analysis. This type of neural network has also been used in the medical field, where it has displayed good performance in predicting or classifying patient diagnoses. An example is the U-Net model, which has demonstrated good performance in data segmentation, an important technology in the field of medical imaging. However, deep neural networks are vulnerable to adversarial examples. Adversarial examples are samples created by adding a small amount of noise to an original data sample in such a way that to human perception they appear to be normal data but they will be incorrectly classified by the classification model. Adversarial examples pose a significant threat in the medical field, as they can cause models to misidentify or misclassify patient diagnoses. In this paper, I propose an advanced adversarial training method to defend against such adversarial examples. An advantage of the proposed method is that it creates a wide variety of adversarial examples for use in training, which are generated by the fast gradient sign method (FGSM) for a range of epsilon values. A U-Net model trained on these diverse adversarial examples will be more robust to unknown adversarial examples. Experiments were conducted using the ISBI 2012 dataset, with TensorFlow as the machine learning library. According to the experimental results, the proposed method builds a model that demonstrates segmentation robustness against adversarial examples by reducing the pixel error between the original labels and the adversarial examples to an average of 1.45.

Download Full-text

Complete Defense Framework to Protect Deep Neural Networks against Adversarial Examples

Mathematical Problems in Engineering ◽

10.1155/2020/8319249 ◽

2020 ◽

Vol 2020 ◽

pp. 1-17

Author(s):

Guangling Sun ◽

Yuying Su ◽

Chuan Qin ◽

Wenbo Xu ◽

Xiaofeng Lu ◽

...

Keyword(s):

Neural Networks ◽

Iterative Method ◽

Deep Neural Networks ◽

Great Success ◽

Minor Alteration ◽

Adversarial Examples ◽

Adversarial Training ◽

Fast Gradient ◽

Sign Method

Although Deep Neural Networks (DNNs) have achieved great success on various applications, investigations have increasingly shown DNNs to be highly vulnerable when adversarial examples are used as input. Here, we present a comprehensive defense framework to protect DNNs against adversarial examples. First, we present statistical and minor alteration detectors to filter out adversarial examples contaminated by noticeable and unnoticeable perturbations, respectively. Then, we ensemble the detectors, a deep Residual Generative Network (ResGN), and an adversarially trained targeted network, to construct a complete defense framework. In this framework, the ResGN is our previously proposed network which is used to remove adversarial perturbations, and the adversarially trained targeted network is a network that is learned through adversarial training. Specifically, once the detectors determine an input example to be adversarial, it is cleaned by ResGN and then classified by the adversarially trained targeted network; otherwise, it is directly classified by this network. We empirically evaluate the proposed complete defense on ImageNet dataset. The results confirm the robustness against current representative attacking methods including fast gradient sign method, randomized fast gradient sign method, basic iterative method, universal adversarial perturbations, DeepFool method, and Carlini & Wagner method.

Download Full-text

Improving the Transferability of Adversarial Examples With a Noise Data Enhancement Framework and Random Erasing

Frontiers in Neurorobotics ◽

10.3389/fnbot.2021.784053 ◽

2021 ◽

Vol 15 ◽

Author(s):

Pengfei Xie ◽

Shuhao Shi ◽

Shuai Yang ◽

Kai Qiao ◽

Ningning Liang ◽

...

Keyword(s):

Success Rate ◽

Deep Neural Networks ◽

Black Box ◽

Excellent Performance ◽

Training Models ◽

Noise Data ◽

Adversarial Examples ◽

Adversarial Training ◽

Fast Gradient ◽

Sign Method

Deep neural networks (DNNs) are proven vulnerable to attack against adversarial examples. Black-box transfer attacks pose a massive threat to AI applications without accessing target models. At present, the most effective black-box attack methods mainly adopt data enhancement methods, such as input transformation. Previous data enhancement frameworks only work on input transformations that satisfy accuracy or loss invariance. However, it does not work for other transformations that do not meet the above conditions, such as the transformation which will lose information. To solve this problem, we propose a new noise data enhancement framework (NDEF), which only transforms adversarial perturbation to avoid the above issues effectively. In addition, we introduce random erasing under this framework to prevent the over-fitting of adversarial examples. Experimental results show that the black-box attack success rate of our method Random Erasing Iterative Fast Gradient Sign Method (REI-FGSM) is 4.2% higher than DI-FGSM in six models on average and 6.6% higher than DI-FGSM in three defense models. REI-FGSM can combine with other methods to achieve excellent performance. The attack performance of SI-FGSM can be improved by 22.9% on average when combined with REI-FGSM. Besides, our combined version with DI-TI-MI-FGSM, i.e., DI-TI-MI-REI-FGSM can achieve an average attack success rate of 97.0% against three ensemble adversarial training models, which is greater than the current gradient iterative attack method. We also introduce Gaussian blur to prove the compatibility of our framework.

Download Full-text

Deep ConvNet: Non-Random Weight Initialization for Repeatable Determinism, Examined with FSGM

Sensors ◽

10.3390/s21144772 ◽

2021 ◽

Vol 21 (14) ◽

pp. 4772

Author(s):

Richard N. M. Rudd-Orthner ◽

Lyudmila Mihaylova

Keyword(s):

Cross Validation ◽

Color Image ◽

Validation Dataset ◽

Number Sequence ◽

Random Weight ◽

Fast Gradient ◽

Weight Initialization ◽

Fitting In ◽

Sequence Substitution ◽

Sign Method

A repeatable and deterministic non-random weight initialization method in convolutional layers of neural networks examined with the Fast Gradient Sign Method (FSGM). Using the FSGM approach as a technique to measure the initialization effect with controlled distortions in transferred learning, varying the dataset numerical similarity. The focus is on convolutional layers with induced earlier learning through the use of striped forms for image classification. Which provided a higher performing accuracy in the first epoch, with improvements of between 3–5% in a well known benchmark model, and also ~10% in a color image dataset (MTARSI2), using a dissimilar model architecture. The proposed method is robust to limit optimization approaches like Glorot/Xavier and He initialization. Arguably the approach is within a new category of weight initialization methods, as a number sequence substitution of random numbers, without a tether to the dataset. When examined under the FGSM approach with transferred learning, the proposed method when used with higher distortions (numerically dissimilar datasets), is less compromised against the original cross-validation dataset, at ~31% accuracy instead of ~9%. This is an indication of higher retention of the original fitting in transferred learning.

Download Full-text

A Novel Approach to Oil Layer Recognition Model Using Whale Optimization Algorithm and Semi-Supervised SVM

Symmetry ◽

10.3390/sym13050757 ◽

2021 ◽

Vol 13 (5) ◽

pp. 757

Author(s):

Yongke Pan ◽

Kewen Xia ◽

Li Wang ◽

Ziping He

Keyword(s):

Optimization Algorithm ◽

Oil And Gas ◽

The Other ◽

Whale Optimization Algorithm ◽

Classification Model ◽

Support Vector ◽

Recognition Model ◽

Novel Approach ◽

Whale Optimization ◽

Oil And Gas Reservoir

The dataset distribution of actual logging is asymmetric, as most logging data are unlabeled. With the traditional classification model, it is hard to predict the oil and gas reservoir accurately. Therefore, a novel approach to the oil layer recognition model using the improved whale swarm algorithm (WOA) and semi-supervised support vector machine (S3VM) is proposed in this paper. At first, in order to overcome the shortcomings of the Whale Optimization Algorithm applied in the parameter-optimization of the S3VM model, such as falling into a local optimization and low convergence precision, an improved WOA was proposed according to the adaptive cloud strategy and the catfish effect. Then, the improved WOA was used to optimize the kernel parameters of S3VM for oil layer recognition. In this paper, the improved WOA is used to test 15 benchmark functions of CEC2005 compared with five other algorithms. The IWOA–S3VM model is used to classify the five kinds of UCI datasets compared with the other two algorithms. Finally, the IWOA–S3VM model is used for oil layer recognition. The result shows that (1) the improved WOA has better convergence speed and optimization ability than the other five algorithms, and (2) the IWOA–S3VM model has better recognition precision when the dataset contains a labeled and unlabeled dataset in oil layer recognition.

Download Full-text

Comments on the Market Crash: Six Months After

The Journal of Economic Perspectives ◽

10.1257/jep.2.3.45 ◽

1988 ◽

Vol 2 (3) ◽

pp. 45-50 ◽

Cited By ~ 43

Author(s):

Hayne Leland ◽

Mark Rubinstein

Keyword(s):

Standard Model ◽

Real Life ◽

The Other ◽

Financial Equilibrium ◽

The Standard Model ◽

Trading Mechanisms

Six months after the market crash of October 1987, we are still sifting through the debris searching for its cause. Two theories of the crash sound plausible -- one based on a market panic and the other based on large trader transactions -- though there is other evidence that is difficult to reconcile. If we are to believe the market panic theory or the Brady Commission's theory that the crash was primarily caused by a few large traders, we must strongly reject the standard model. We need to build models of financial equilibrium which are more sensitive to real life trading mechanisms, which account more realistically for the formation of expectations, and which recognize that, at any one time, there is a limited pool of investors available with the ability to evaluate stocks and take appropriate action in the market.

Download Full-text

Deep spatio-temporal emotion analysis of geo-tagged tweets for predicting location based communal emotion during COVID-19 Lock-down

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-210544 ◽

2021 ◽

pp. 1-14

Author(s):

M. Amsaprabhaa ◽

Y. Nancy Jane ◽

H. Khanna Nehemiah

Keyword(s):

Latent Dirichlet Allocation ◽

Temporal Analysis ◽

The Other ◽

Classification Model ◽

Grid Search ◽

Analysis Framework ◽

Emotion Classification ◽

Spatio Temporal ◽

Improved Accuracy ◽

State Of Art

Due to the COVID-19 pandemic, countries across the globe has enforced lockdown restrictions that influence the people’s socio-economic lifecycle. The objective of this paper is to predict the communal emotion of people from different locations during the COVID-19 lockdown. The proposed work aims in developing a deep spatio-temporal analysis framework of geo-tagged tweets to predict the emotions of different topics based on location. An optimized Latent Dirichlet Allocation (LDA) approach is presented for finding the optimal hyper-parameters using grid search. A multi-class emotion classification model is then built via a Recurrent Neural Network (RNN) to predict emotions for each topic based on locations. The proposed work is experimented with the twitter streaming API dataset. The experimental results prove that the presented LDA model-using grid search along with the RNN model for emotion classification outperforms the other state of art methods with an improved accuracy of 94.6%.

Download Full-text

Humor Styles in Marriage: How Similar Are Husband and Wife?

Psychological Reports ◽

10.1177/0033294118805008 ◽

2018 ◽

Vol 122 (6) ◽

pp. 2331-2347

Author(s):

Meng-Ning Tsai ◽

Ching-Lin Wu ◽

Yu-Lin Chang ◽

Hsueh-Chih Chen

Keyword(s):

Confidence Interval ◽

Multilevel Modeling ◽

Married Couples ◽

Past Research ◽

The Other ◽

Humor Styles ◽

Cohen’S D ◽

Humor Style ◽

Valid Predictor ◽

Cohen's D

Past research found that similar appreciation for humor exists between spouses, but it is not certain whether this similarity between spouses also exists in kindhearted or malicious humor. The present study investigated the similarity of Taiwanese married couples’ humor styles. Participants included 239 couples (mean age = 42.9 years) who had been married to each other for at least 10 years. We used a traditional Chinese edition of the Humor Styles Questionnaire to measure the humor style and clustered participants’ humor styles in order to examine the similarity between spouses. The results show that husbands have higher tendencies toward aggressive (Cohen’s d = 0.29, p < .01) and self-defeating (Cohen’s d = 0.35, p < .01) humor styles than wives. Results from multilevel modeling indicate that spouses’ aggressive ( p < .001, confidence interval = .17, .41) and self-defeating ( p < .01, confidence interval = .05, .30) humor styles acting as a valid predictor to the other spouses’ negative humor styles. Furthermore, the results show that personal humor styles could be categorized into four clusters: positive humor endorsers, negative humor endorsers, general humor endorsers, and humor deniers. According to the clusters within spouse pairs, results show that similarities in humor styles exist between spouses (χ2 = 16.73, p = .01). The current study finds that most couples have similar humor styles and that a high proportion of married couples share the same humor clusters.

Download Full-text

Stability Analysis of Supply Chain Cooperation Contract under Asymmetric Information

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.44-47.794 ◽

2010 ◽

Vol 44-47 ◽

pp. 794-798 ◽

Cited By ~ 1

Author(s):

Xin Ma

Keyword(s):

Game Theory ◽

Supply Chain ◽

Repeated Games ◽

Information Structure ◽

Transition Period ◽

Information Economics ◽

Real Life ◽

The Other ◽

Game Equilibrium ◽

The Stability

The stability of cooperation contract is the result of abandon opportunistic behavior in the process of repeated games among the enterprise and the other subjects in the supply chain from long-term interests, and is also the foundation of healthy development for the whole supply chain. But in real life cooperation contract instability everywhere for a variety of reasons, such as ethical considerations, institutional factors, cultural factors and special reasons during the transition period and so on. From the perspective of information economics and game theory, the main game process of cooperation between enterprise and the other subjects in supply chain is not only the game of information, but also the game of interests. Information structure and the interesting structure are the important factors for the subjects of the game of the implementation of decisions and the basic contractual constraints for cooperative game equilibrium. Cooperation behaviors among the enterprise and the other subjects in the supply chain were studied on the basis of game theory, and the stability of cooperation contract is also being discussed in this paper.

Download Full-text

An Integrated Approach to Product Delivery Planning and Scheduling

Scientific Journal of Riga Technical University Computer Sciences ◽

10.2478/v10143-011-0049-7 ◽

2011 ◽

Vol 45 (1) ◽

pp. 97-103 ◽

Cited By ~ 1

Author(s):

Galina Merkuryeva ◽

Vitaly Bolshakov ◽

Maksims Kornevs

Keyword(s):

Cluster Analysis ◽

Clustering Algorithm ◽

Expert Knowledge ◽

Real Life ◽

Integrated Approach ◽

Classification Model ◽

Performance Criteria ◽

Planning And Scheduling ◽

Delivery Planning ◽

Product Delivery

An Integrated Approach to Product Delivery Planning and SchedulingProduct delivery planning and scheduling is a task of high priority in transport logistics. In distribution centres this task is related to deliveries of various types of goods in predefined time windows. In real-life applications the problem has different stochastic performance criteria and conditions. Optimisation of schedules itself is time consuming and requires an expert knowledge. In this paper an integrated approach to product delivery planning and scheduling is proposed. It is based on a cluster analysis of demand data of stores to identify typical dynamic demand patterns and product delivery tactical plans, and simulation optimisation to find optimal parameters of transportation or vehicle schedules. Here, a cluster analysis of the demand data by using the K-means clustering algorithm and silhouette plots mean values is performed, and an NBTree-based classification model is built. In order to find an optimal grouping of stores into regions based on their geographical locations and the total demand uniformly distributed over regions, a multiobjective optimisation problem is formulated and solved with the NSGA II algorithm.

Download Full-text