Adversarial Machine Learning in Image Classification: A Survey Toward the Defender’s Perspective

2023 ◽  
Vol 55 (1) ◽  
pp. 1-38
Author(s):  
Gabriel Resende Machado ◽  
Eugênio Silva ◽  
Ronaldo Ribeiro Goldschmidt

Deep Learning algorithms have achieved state-of-the-art performance for Image Classification. For this reason, they have been used even in security-critical applications, such as biometric recognition systems and self-driving cars. However, recent works have shown that those algorithms, which can even surpass human capabilities, are vulnerable to adversarial examples. In Computer Vision, adversarial examples are images containing subtle perturbations generated by malicious optimization algorithms to fool classifiers. As an attempt to mitigate these vulnerabilities, numerous countermeasures have been proposed recently in the literature. However, devising an efficient defense mechanism has proven to be a difficult task, since many approaches have turned out to be ineffective against adaptive attackers. Thus, this article aims to provide all readerships with a review of the latest research progress on Adversarial Machine Learning in Image Classification, written from a defender’s perspective. This article introduces novel taxonomies for categorizing adversarial attacks and defenses, and discusses possible reasons for the existence of adversarial examples. In addition, relevant guidance is provided to assist researchers when devising and evaluating defenses. Finally, based on the reviewed literature, this article suggests some promising paths for future research.

2021 ◽  
Vol 54 (2) ◽  
pp. 1-36
Author(s):  
Bo Liu ◽  
Ming Ding ◽  
Sina Shaham ◽  
Wenny Rahayu ◽  
Farhad Farokhi ◽  
...  

The newly emerged machine learning (e.g., deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, work on the preservation of privacy in machine learning is still in its infancy, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study of the privacy preservation problems in machine learning is required. This article surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning-aided privacy protection, and (iii) machine learning-based privacy attacks and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.


2020 ◽  
Vol 1 ◽  
pp. 6
Author(s):  
Petru Hlihor ◽  
Riccardo Volpi ◽  
Luigi Malagò

Adversarial Examples represent a serious problem affecting the security of machine learning systems. In this paper we focus on a defense mechanism based on reconstructing images before classification using an autoencoder. We experiment on several types of autoencoders and evaluate the impact of strategies such as injecting noise in the input during training and in the latent space at inference time. We tested the models on adversarial examples generated with the Carlini-Wagner attack, in a white-box scenario and on the stacked system composed of the autoencoder and the classifier.


Author(s):  
Dhairya Shah

Abstract: Vehicle positioning and classification is a vital technology in intelligent transportation and self-driving cars. This paper describes the experimentation for the classification of vehicle images by artificial vision using Keras and TensorFlow to construct a deep neural network model, Python modules, as well as a machine learning algorithm. Image classification finds its suitability in applications ranging from medical diagnostics to autonomous vehicles. The existing architectures are computationally exhaustive, complex, and less accurate. The outcomes are used to assess the best camera location for filming vehicular traffic in order to determine highway occupancy. An accurate, simple, and hardware-efficient architecture is required to be developed for image classification.

Keywords: Convolutional Neural Networks, Image Classification, deep neural network, Keras, Tensorflow, Python, machine learning, dataset


2023 ◽  
Vol 55 (1) ◽  
pp. 1-35
Author(s):  
Deqiang Li ◽  
Qianmu Li ◽  
Yanfang (Fanny) Ye ◽  
Shouhuai Xu

Malicious software (malware) is a major cyber threat that has to be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is vulnerable to attacks known as adversarial examples. In this article, we survey and systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified conceptual framework of assumptions, attacks, defenses, and security properties. This not only leads us to map attacks and defenses to partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. We draw a number of insights, including: knowing the defender’s feature set is critical to the success of transfer attacks; the effectiveness of practical evasion attacks largely depends on the attacker’s freedom in conducting manipulations in the problem space; knowing the attacker’s manipulation set is critical to the defender’s success; and the effectiveness of adversarial training depends on the defender’s capability in identifying the most powerful attack. We also discuss a number of future research directions.


2021 ◽  
Vol 9 ◽  
Author(s):  
Sensen Guo ◽  
Xiaoyu Li ◽  
Zhiying Mu

In recent years, machine learning technology has made great improvements in social network applications such as social network recommendation systems, sentiment analysis, and text generation. However, it cannot be ignored that machine learning algorithms are vulnerable to adversarial examples; that is, adding perturbations that are imperceptible to the human eye to the original data can cause machine learning algorithms to produce wrong outputs with high probability. This also restricts the widespread use of machine learning algorithms in real life. In this paper, we focus on adversarial machine learning algorithms on social networks in recent years from three aspects: sentiment analysis, recommendation systems, and spam detection. We review some typical applications of machine learning algorithms, as well as adversarial example generation and defense algorithms for machine learning, in the above three aspects in recent years. Besides, we also analyze the current research progress and prospects for the directions of future research.


Author(s):  
Tatireddy Reddy ◽  
Jonnadula Harikiran

Hyperspectral imaging is used in a wide range of applications. When used in remote sensing, satellites and aircraft are employed to collect the images, which are used in agriculture, environmental monitoring, urban planning and defence. The exact classification of ground features in the images is a significant research issue and is currently receiving greater attention. Moreover, these images have a large spectral dimensionality, which adds computational complexity and affects classification precision. To handle these issues, dimensionality reduction is an essential step that improves the performance of classifiers. In the classification process, several strategies have produced good classification results. Of these, machine learning techniques are the most powerful approaches. As a result, this paper reviews three different types of hyperspectral image machine learning classification methods: cluster analysis, supervised and semi-supervised classification. Moreover, this paper shows the effectiveness of all these techniques for hyperspectral image classification and dimensionality reduction. Furthermore, this review will serve as a reference for future research to improve the classification and dimensionality reduction approaches.


2021 ◽  
Vol 10 (2) ◽  
Author(s):  
Vihan Karnala ◽  
Marianne Campbell

The purpose of this study is to gain an understanding of the impact of model architecture on the efficacy of adversarial examples against machine learning systems implemented in self-driving applications. Prior research shows how to create and train against adversarial examples in many use cases; however, there is no definite understanding of how a machine learning model’s architecture affects the efficacy of adversarial examples. Data was collected through an experimental setting involving end-to-end self-driving models trained through behavioral cloning. Three model types were tested based on popular frameworks for machine learning algorithms dealing with images. Results showed a statistically significant difference in the impact of adversarial examples between these models. This means that certain model types and architectures are more susceptible to attacks. Therefore, the conclusion can be made that model architecture does impact the efficacy of adversarial examples; however, this is potentially limited to closed-loop, end-to-end systems in which algorithms make the entire decision. Future research should investigate what specific structure within models causes increased susceptibility to adversarial attacks.


Author(s):  
Sumit Kaur

Abstract: Deep learning is an emerging research area in the machine learning and pattern recognition field which has been presented with the goal of drawing Machine Learning nearer to one of its original objectives, Artificial Intelligence. It tries to mimic the human brain, which is capable of processing and learning from complex input data and solving different kinds of complicated tasks well. Deep learning (DL) is basically based on a set of supervised and unsupervised algorithms that attempt to model higher-level abstractions in data and learn hierarchical representations for classification on their own. In recent years, it has attracted much attention due to its state-of-the-art performance in diverse areas like object perception, speech recognition, computer vision, collaborative filtering and natural language processing. This paper will present a survey on different deep learning techniques for remote sensing image classification.


2018 ◽  
Vol 58 (1) ◽  
pp. 53-60
Author(s):  
Bartosz Czarnecki

Abstract: The paper discusses the spatial consequences of the widespread use of self-driving cars and the resulting changes in the structure of urban areas. Analysing present knowledge on the technology, functionality and future forms of organisation of mobility with this type of means of transportation, conclusions are presented concerning the expected changes in the organisation of space in urban areas. The main achievement of the investigation is an outline of the fields of future research on the spatial consequences of a transportation system with a large share of self-driving cars.
