Authors:
Dinh Nguyen 1; Nhan Le 2; Van Mai 3; Tuong Quan Nguyen 4; Van Nguyen 4 and The Nguyen 1
Affiliations:
1 Hong Duc University, Thanh Hoa, Vietnam
2 Microsoft, Ha Noi, Vietnam
3 ThinkLABs JSC, Thanh Hoa, Vietnam
4 Ministry of Public Security, Vietnam
Keyword(s):
White-Box Attack, Black-Box Attack, Adversarial Image, Deep Learning, Convolutional Neural Network.
Abstract:
With the significant advancements of deep learning (DL) and convolutional neural networks (CNNs), many complex problems in the field of computer vision (CV) have been solved effectively, with performance approaching or even matching human capabilities. Images that are subtly perturbed to cause accurately trained deep learning systems to misclassify them have emerged as a significant challenge and a major concern in application domains requiring high reliability. Such samples are referred to as adversarial examples. Many studies apply white-box attack methods to create these adversarial images; however, white-box attacks may be impractical in real-world applications. In this paper, a cascade methodology is deployed in which the Copycat algorithm is used to replicate the behavior of a black-box model (referred to as the original model) with a substitute model. The substitute model is then employed to generate white-box perturbations, which are used to attack the black-box models.
The experiments are conducted on the benchmark datasets MNIST and CIFAR-10, and on a facial recognition system as a real-world use case. The results are impressive: the majority of the generated adversarial samples significantly reduce the overall accuracy and reliability of the facial recognition system, by up to more than 80%.
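The abstract does not specify which white-box attack is run on the substitute model; as an illustration only, the sketch below uses FGSM (fast gradient sign method, a common choice in this setting) on a hypothetical single-layer softmax substitute with a hand-derived gradient. The weights `W`, `b` and the image sizes are stand-in assumptions, not the paper's actual Copycat-trained CNN; the resulting `x_adv` is what would then be submitted to the black-box (original) model for evaluation.

```python
import numpy as np

rng = np.random.default_rng(0)

# Hypothetical substitute model: a single softmax layer standing in for
# the Copycat-trained copy (the paper's real substitute would be a CNN).
W = rng.normal(scale=0.01, size=(10, 28 * 28))  # class weight matrix
b = np.zeros(10)                                # class biases

def softmax(z):
    e = np.exp(z - z.max())
    return e / e.sum()

def fgsm(x, y, eps=0.1):
    """White-box FGSM step on the substitute model.

    Perturbs the flattened image x (values in [0, 1]) along the sign of
    the cross-entropy loss gradient with respect to x, then clamps back
    to the valid pixel range.
    """
    p = softmax(W @ x + b)
    onehot = np.zeros(10)
    onehot[y] = 1.0
    grad_x = W.T @ (p - onehot)  # d(loss)/dx for softmax + cross-entropy
    return np.clip(x + eps * np.sign(grad_x), 0.0, 1.0)

# Toy usage on a random MNIST-sized "image".
x = rng.random(28 * 28)
x_adv = fgsm(x, y=3)
print(np.abs(x_adv - x).max() <= 0.1)  # perturbation stays within eps
```

The sign-and-clip step bounds the perturbation in the L-infinity norm by `eps`, which is why such changes can remain visually imperceptible while still transferring from the substitute to the black-box model.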