Publications
Detailed Information
Improving Adversarial Robustness Using Pixel Intensity Encryption : 픽셀 강도 암호화를 통한 적대적 강건성 강화
Cited 0 time in
Web of Science
Cited 0 time in Scopus
- Authors
- Advisor
- Wonjong Rhee
- Issue Date
- 2021
- Publisher
- 서울대학교 대학원
- Keywords
- Adversarial Examples ; adversarial attack ; adversarial defense ; perceptual image encryption
- Description
- 학위논문(석사) -- 서울대학교대학원 : 융합과학기술대학원 지능정보융합학과, 2021.8. 이윤아.
- Abstract
- Neural networks are known to be vulnerable to gradient-based adversarial examples which are made by leveraging input gradients toward misclassification. Due to these attacks, adversarial defense has become a topic of significant interest in recent years. The most empirically successful approach to defending against such adversarial examples is adversarial training, which incorporates a strong self-attack during training. However, this approach is computationally expensive and hence is hard to scale up. As a result, a series of studies has been undertaken to develop gradient masking methods. One of the method is to to hide the gradient using encryption. This was achieved by transforming the location of pixels. However, there have been no studies regarding how pixel-intensity encryption could work as an adversarial defense.
This study proposes a new defense method that uses pixel intensity encryption to defend against the gradient-based attacks. Furthermore, A new adaptive attack setup for encryption methods is presented in the study to evaluate its effectiveness as an adversarial defense. The experiment shows that the proposed defense is more robust than that of the previous studies under adaptive attack. Moreover, the correlation coefficient of an image is found to make the key role on learnability of the model.
- Language
- eng
- Files in This Item:
Item View & Download Count
Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.