A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach

Citation

Al-Andoli, Mohammed Nasser and Tan, Shing Chiang and Sim, Kok Swee and Goh, Pey Yun and Lim, Chee Peng (2024) A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach. IEEE Access. p. 1. ISSN 2169-3536

71.pdf - Published Version (1MB). Restricted to Repository staff only.

Abstract

Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial examples (AEs). These AEs are meticulously crafted by adversaries, who introduce imperceptible perturbations into clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, deep neural networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs that evade and mislead the classifier by generating malicious samples during the test phase of the DL models (i.e., the CNN and DNN), using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which is one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate that the framework effectively and accurately detects AEs generated by the four popular attack methods, highlighting its potential for enhancing the robustness of DL models against AEs.

Item Type: Article
Uncontrolled Keywords: Deep learning
Subjects: Q Science > Q Science (General) > Q300-390 Cybernetics
Divisions: Faculty of Engineering and Technology (FET); Faculty of Information Science and Technology (FIST)
Depositing User: Ms Nurul Iqtiani Ahmad
Date Deposited: 31 Jan 2024 01:19
Last Modified: 31 Jan 2024 01:19
URI: http://shdl.mmu.edu.my/id/eprint/12051
