A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach
Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean da...
Main Authors: | , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2024-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/10400453/ |
_version_ | 1827357601220788224 |
---|---|
author | Mohammed Nasser Al-Andoli Shing Chiang Tan Kok Swee Sim Pey Yun Goh Chee Peng Lim |
author_facet | Mohammed Nasser Al-Andoli Shing Chiang Tan Kok Swee Sim Pey Yun Goh Chee Peng Lim |
author_sort | Mohammed Nasser Al-Andoli |
collection | DOAJ |
description | Deep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs. |
first_indexed | 2024-03-08T05:35:15Z |
format | Article |
id | doaj.art-b5e4057a3373471aa42f4cdc86757586 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-08T05:35:15Z |
publishDate | 2024-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-b5e4057a3373471aa42f4cdc867575862024-02-06T00:01:08ZengIEEEIEEE Access2169-35362024-01-0112175221754010.1109/ACCESS.2024.335469910400453A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer ApproachMohammed Nasser Al-Andoli0https://orcid.org/0000-0001-6491-9938Shing Chiang Tan1https://orcid.org/0000-0002-1267-1894Kok Swee Sim2https://orcid.org/0000-0003-2976-8825Pey Yun Goh3https://orcid.org/0000-0003-2060-3223Chee Peng Lim4https://orcid.org/0000-0003-4191-9083Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka, Durian Tunggal, MalaysiaFaculty of Information Science and Technology, Multimedia University, Melaka, MalaysiaFaculty of Engineering and Technology, Multimedia University, Melaka, MalaysiaFaculty of Information Science and Technology, Multimedia University, Melaka, MalaysiaInstitute for Intelligent Systems Research and Innovation, Deakin University, Waurn Ponds, VIC, AustraliaDeep learning (DL) has demonstrated remarkable achievements in various fields. Nevertheless, DL models encounter significant challenges in detecting and defending against adversarial samples (AEs). These AEs are meticulously crafted by adversaries, introducing imperceptible perturbations to clean data to deceive DL models. Consequently, AEs pose potential risks to DL applications. In this paper, we propose an effective framework for enhancing the robustness of DL models against adversarial attacks. The framework leverages convolutional neural networks (CNNs) for feature learning, Deep Neural Networks (DNNs) with softmax for classification, and a defense mechanism to identify and exclude AEs. Evasion attacks are employed to create AEs to evade and mislead the classifier by generating malicious samples during the test phase of DL models i.e., CNN and DNN, using the Fast Gradient Sign Method (FGSM), Basic Iterative Method (BIM), Projected Gradient Descent (PGD), and Square Attack (SA). A protection layer is developed as a detection mechanism placed before the DNN classifier to identify and exclude AEs. The detection mechanism incorporates a machine learning model, which includes one of the following: Fuzzy ARTMAP, Random Forest, K-Nearest Neighbors, XGBoost, or Gradient Boosting Machine. Extensive evaluations are conducted on the MNIST, CIFAR-10, SVHN, and Fashion-MNIST data sets to assess the effectiveness of the proposed framework. The experimental results indicate the framework’s ability to effectively and accurately detect AEs generated by four popular attacking methods, highlighting the potential of our developed framework in enhancing its robustness against AEs.https://ieeexplore.ieee.org/document/10400453/Deep learningadversarial examplessecurityadversarial attacksadversarial examples detection |
spellingShingle | Mohammed Nasser Al-Andoli Shing Chiang Tan Kok Swee Sim Pey Yun Goh Chee Peng Lim A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach IEEE Access Deep learning adversarial examples security adversarial attacks adversarial examples detection |
title | A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
title_full | A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
title_fullStr | A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
title_full_unstemmed | A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
title_short | A Framework for Robust Deep Learning Models Against Adversarial Attacks Based on a Protection Layer Approach |
title_sort | framework for robust deep learning models against adversarial attacks based on a protection layer approach |
topic | Deep learning adversarial examples security adversarial attacks adversarial examples detection |
url | https://ieeexplore.ieee.org/document/10400453/ |
work_keys_str_mv | AT mohammednasseralandoli aframeworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT shingchiangtan aframeworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT koksweesim aframeworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT peyyungoh aframeworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT cheepenglim aframeworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT mohammednasseralandoli frameworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT shingchiangtan frameworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT koksweesim frameworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT peyyungoh frameworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach AT cheepenglim frameworkforrobustdeeplearningmodelsagainstadversarialattacksbasedonaprotectionlayerapproach |