Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification

Leo Hyun Park, Jaewoo Park, Soochang Chung, Jaeuk Kim, Myung Gyo Oh, Taekyoung Kwon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

MagNet is a defense method that uses autoencoders to detect and purify adversarial examples. Although MagNet is robust against grey-box and black-box attacks, it is vulnerable to white-box attacks. Despite this being known, neither the fundamental reason for MagNet's vulnerability nor a mitigation for it has been discussed. We suggest that MagNet's weakness lies in how well its reformer generalizes the data manifold. To examine this, we apply deep learning coverage to the reformer of MagNet: we mutate training images with image transformation algorithms and then train the reformer on the mutants that contribute new coverage information. The selected mutants expose the reformer to regions of the data manifold that MagNet's random-noise training does not reach. In grey-box settings, our defense classified adversarial examples of various perturbation sizes much more accurately than MagNet, even with the same architecture. Based on this preliminary result, we plan future work to determine whether the generalization power of deep learning coverage holds against stronger adversaries and for different architectures.
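The following is an added illustration of the coverage-guided mutant selection the abstract describes; it is not code from the poster or from MagNet. It assumes DeepXplore-style neuron coverage (a neuron counts as covered once its ReLU activation exceeds a threshold on some input), a hypothetical fixed-weight six-neuron network over 4x4 grayscale images, and four hand-picked transformation operators; the seed images and the Gaussian-noise baseline (standing in for MagNet's noisy training inputs) are constructed here for the example.

```python
"""Greedy coverage-guided selection of image mutants (illustrative only).

Hypothetical setup: 4x4 grayscale images as nested lists of floats in [0, 1],
a toy network of six fixed-weight ReLU "neurons", and neuron coverage in the
DeepXplore sense. None of this is the poster's or MagNet's actual code.
"""
import random

SIZE = 4
THRESHOLD = 0.0  # a neuron is covered once max(0, pre_activation) > THRESHOLD


def _col(img, c):
    return sum(row[c] for row in img)


def _row(img, r):
    return sum(img[r])


def _total(img):
    return sum(map(sum, img))


# Hypothetical fixed-weight neurons: (name, pre-activation function).
NEURONS = [
    ("left_col", lambda im: _col(im, 0) - 2.0),
    ("right_col", lambda im: _col(im, SIZE - 1) - 2.0),
    ("top_row", lambda im: _row(im, 0) - 2.0),
    ("bottom_row", lambda im: _row(im, SIZE - 1) - 2.0),
    ("bright", lambda im: _total(im) - 10.0),
    ("dark", lambda im: 8.0 - _total(im)),
]


def activated(img):
    """Names of neurons whose ReLU activation exceeds THRESHOLD on this image."""
    return {name for name, f in NEURONS if max(0.0, f(img)) > THRESHOLD}


def neuron_coverage(images):
    """Union of activated neurons over a set of images."""
    covered = set()
    for im in images:
        covered |= activated(im)
    return covered


# Image transformation algorithms used as mutation operators.
def hflip(im):
    return [row[::-1] for row in im]


def vflip(im):
    return im[::-1]


def invert(im):
    return [[1.0 - p for p in row] for row in im]


def shift_right(im):
    return [[0.0] + row[:-1] for row in im]


TRANSFORMS = [("hflip", hflip), ("vflip", vflip),
              ("invert", invert), ("shift_right", shift_right)]


def gaussian_noise(im, sigma=0.1, seed=0):
    """Small additive noise, clipped to [0, 1]: the baseline augmentation."""
    rng = random.Random(seed)
    return [[min(1.0, max(0.0, p + rng.gauss(0.0, sigma))) for p in row]
            for row in im]


def select_mutants(seeds):
    """Keep a mutant only if it activates a neuron not covered so far.

    Returns (selected, covered) where selected is a list of
    (seed_index, transform_name, mutant_image, newly_covered_neurons).
    """
    covered = neuron_coverage(seeds)
    selected = []
    for i, seed in enumerate(seeds):
        for name, transform in TRANSFORMS:
            mutant = transform(seed)
            new = activated(mutant) - covered
            if new:
                selected.append((i, name, mutant, sorted(new)))
                covered |= new
    return selected, covered


def seed_images():
    """Constructed sample inputs: a bright left column and a bright top row."""
    left_bar = [[1.0 if c == 0 else 0.0 for c in range(SIZE)] for _ in range(SIZE)]
    top_bar = [[1.0 if r == 0 else 0.0 for _ in range(SIZE)] for r in range(SIZE)]
    return [left_bar, top_bar]


if __name__ == "__main__":
    seeds = seed_images()
    chosen, total = select_mutants(seeds)
    for i, name, _, new in chosen:
        print(f"seed {i} + {name}: newly covered {new}")
    noisy = [gaussian_noise(im, seed=k) for k, im in enumerate(seeds * 10)]
    print("noise-only coverage:", sorted(neuron_coverage(noisy)))
    print("coverage-guided coverage:", sorted(total))
```

With these seeds, only the horizontal flip and the inversion of the first image add coverage, so the reformer's training set grows by two mutants rather than eight, while twenty noisy copies of the seeds never activate a neuron the seeds had not already activated. That gap between noise and transformation-based mutants is the point the abstract makes; in a real network the coverage criterion and threshold would be tuned to the model rather than hand-built as here.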

Original language: English
Title of host publication: CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 3439-3441
Number of pages: 3
ISBN (Electronic): 9781450394505
DOIs
Publication status: Published - 2022 Nov 7
Event: 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States
Duration: 2022 Nov 7 - 2022 Nov 11

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory: United States
City: Los Angeles
Period: 22/11/7 - 22/11/11

Bibliographical note

Publisher Copyright:
© 2022 Owner/Author.

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
