A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach

Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial examples (AEs). These AEs are meticulously crafted by adversaries, who introduce imperceptible perturbations into clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, deep neural networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs that evade and mislead the classifier by generating malicious samples during the test phase of the DL models (i.e., the CNN and DNN), using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which is one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework's ability to effectively and accurately detect AEs generated by the four popular attack methods, highlighting the potential of the developed framework for enhancing the robustness of DL models against AEs.

Bibliographic Details
Main Authors: Mohammed Nasser Al-Andoli, Shing Chiang Tan, Kok Swee Sim, Pey Yun Goh, Chee Peng Lim
Format: Article
Language: English
Published: IEEE, 2024-01-01
Series: IEEE Access, vol. 12, pp. 17522-17540
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2024.3354699
Subjects: Deep learning; adversarial examples; security; adversarial attacks; adversarial examples detection
Online Access: https://ieeexplore.ieee.org/document/10400453/