Title:
UnMask: Adversarial Detection and Defense in Deep Learning Through Building-Block Knowledge Extraction
UnMask: Adversarial Detection and Defense in Deep Learning Through Building-Block Knowledge Extraction
| dc.contributor.author | Freitas, Scott | |
| dc.contributor.author | Chen, Shang-Tse | |
| dc.contributor.author | Chau, Duen Horng | |
| dc.contributor.corporatename | Georgia Institute of Technology. College of Computing | en_US |
| dc.contributor.corporatename | Georgia Institute of Technology. School of Computational Science and Engineering | en_US |
| dc.date.accessioned | 2019-02-14T18:14:35Z | |
| dc.date.available | 2019-02-14T18:14:35Z | |
| dc.date.issued | 2019 | |
| dc.description.abstract | Deep learning models are being integrated into a wide range of high-impact, security-critical systems, from self-driving cars to biomedical diagnosis. However, recent research has demonstrated that many of these deep learning architectures are highly vulnerable to adversarial attacks—highlighting the vital need for defensive techniques to detect and mitigate these attacks before they occur. To combat these adversarial attacks, we developed UnMask, a knowledge-based adversarial detection and defense framework. The core idea behind UnMask is to protect these models by verifying that an image’s predicted class (“bird”) contains the expected building blocks (e.g., beak, wings, eyes). For example, if an image is classified as “bird”, but the extracted building blocks are wheel, seat and frame, the model may be under attack. UnMask detects such attacks and defends the model by rectifying the misclassification, re-classifying the image based on its extracted building blocks. Our extensive evaluation shows that UnMask (1) detects up to 92.9% of attacks, with a false positive rate of 9.67% and (2) defends the model by correctly classifying up to 92.24% of adversarial images produced by the current strongest attack, Projected Gradient Descent, in the gray-box setting. Our proposed method is architecture agnostic and fast. To enable reproducibility of our research, we have anonymously open-sourced our code and large newly-curated dataset (~5GB) on GitHub (https://github.com/unmaskd/UnMask). | en_US |
| dc.identifier.uri | http://hdl.handle.net/1853/60900 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Georgia Institute of Technology | en_US |
| dc.relation.ispartofseries | CSE Technical Reports; GT-CSE- | en_US |
| dc.subject | Deep learning | en_US |
| dc.subject | Adversarial attack | en_US |
| dc.subject | Adversarial detection | en_US |
| dc.subject | Building-blocks | en_US |
| dc.subject | Knowledge extraction | en_US |
| dc.title | UnMask: Adversarial Detection and Defense in Deep Learning Through Building-Block Knowledge Extraction | en_US |
| dc.type | Text | |
| dc.type.genre | Technical Report | |
| dspace.entity.type | Publication | |
| local.contributor.author | Chau, Duen Horng | |
| local.contributor.corporatename | School of Computational Science and Engineering | |
| local.relation.ispartofseries | School of Computational Science and Engineering Technical Report Series | |
| relation.isAuthorOfPublication | fb5e00ae-9fb7-475d-8eac-50c48a46ea23 | |
| relation.isOrgUnitOfPublication | 01ab2ef1-c6da-49c9-be98-fbd1d840d2b1 | |
| relation.isSeriesOfPublication | 5a01f926-96af-453d-a75b-abc3e0f0abb3 |