Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification

Leo Hyun Park; Jaewoo Park; Soochang Chung; Jaeuk Kim; Myung Gyo Oh; Taekyoung Kwon

doi:10.1145/3548606.3563550

Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification

Leo Hyun Park, Jaewoo Park, Soochang Chung, Jaeuk Kim, Myung Gyo Oh, Taekyoung Kwon

Graduate School of Information

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

MagNet is a defense method that adopts autoencoders to detect and purify adversarial examples. Although MagNet is robust against grey-box and black-box attacks, it is vulnerable to white-box attacks. Despite this prior knowledge, the fundamental reason for and mitigation of the vulnerability of MagNet have not been discussed. We suggest that the challenge of MagNet is the generalization of the data manifold. To explain this, in this work, we leverage deep learning coverage for the reformer of MagNet. We mutate training images through image transformation algorithms and then train the reformer using mutants with new coverage information. The selected mutants provide an interesting data manifold, that cannot be handled by the random noise of MagNet, to the reformer. In grey-box settings, our defense method classified adversarial examples for various perturbation sizes much more accurately than MagNet even with the same architecture. Based on the preliminary result of this work, we consider future work to identify whether the generalization power of deep learning coverage is effective for stronger adversaries and different architectures.

Original language	English
Title of host publication	CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	3439-3441
Number of pages	3
ISBN (Electronic)	9781450394505
DOIs	https://doi.org/10.1145/3548606.3563550
Publication status	Published - 2022 Nov 7
Event	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States Duration: 2022 Nov 7 → 2022 Nov 11

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory	United States
City	Los Angeles
Period	22/11/7 → 22/11/11

Bibliographical note

Funding Information:
This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2019R1A2C1088802) and this research was supported by Institute for Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government (MSIT) (No.2018-0-00513, Machine Learning Based Automation of Vulnerability Detection on Unix-based Kernel).

Publisher Copyright:
© 2022 Owner/Author.

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/3548606.3563550

Cite this

Park, L. H., Park, J., Chung, S., Kim, J., Oh, M. G., & Kwon, T. (2022). Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 3439-3441). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3548606.3563550

Park, Leo Hyun ; Park, Jaewoo ; Chung, Soochang et al. / Poster : Adversarial Defense with Deep Learning Coverage on MagNet's Purification. CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. pp. 3439-3441 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{7323575faaf84ddea3ade5bc91c7e6a5,

title = "Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification",

abstract = "MagNet is a defense method that adopts autoencoders to detect and purify adversarial examples. Although MagNet is robust against grey-box and black-box attacks, it is vulnerable to white-box attacks. Despite this prior knowledge, the fundamental reason for and mitigation of the vulnerability of MagNet have not been discussed. We suggest that the challenge of MagNet is the generalization of the data manifold. To explain this, in this work, we leverage deep learning coverage for the reformer of MagNet. We mutate training images through image transformation algorithms and then train the reformer using mutants with new coverage information. The selected mutants provide an interesting data manifold, that cannot be handled by the random noise of MagNet, to the reformer. In grey-box settings, our defense method classified adversarial examples for various perturbation sizes much more accurately than MagNet even with the same architecture. Based on the preliminary result of this work, we consider future work to identify whether the generalization power of deep learning coverage is effective for stronger adversaries and different architectures.",

author = "Park, {Leo Hyun} and Jaewoo Park and Soochang Chung and Jaeuk Kim and Oh, {Myung Gyo} and Taekyoung Kwon",

note = "Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2019R1A2C1088802) and this research was supported by Institute for Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government (MSIT) (No.2018-0-00513, Machine Learning Based Automation of Vulnerability Detection on Unix-based Kernel). Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 ; Conference date: 07-11-2022 Through 11-11-2022",

year = "2022",

month = nov,

day = "7",

doi = "10.1145/3548606.3563550",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "3439--3441",

booktitle = "CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security",

}

Park, LH, Park, J, Chung, S, Kim, J, Oh, MG & Kwon, T 2022, Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification. in CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 3439-3441, 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, United States, 22/11/7. https://doi.org/10.1145/3548606.3563550

Poster : Adversarial Defense with Deep Learning Coverage on MagNet's Purification. / Park, Leo Hyun; Park, Jaewoo; Chung, Soochang et al.

CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. p. 3439-3441 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Poster

T2 - 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022

AU - Park, Leo Hyun

AU - Park, Jaewoo

AU - Chung, Soochang

AU - Kim, Jaeuk

AU - Oh, Myung Gyo

AU - Kwon, Taekyoung

N1 - Funding Information: This work was supported in part by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (No. NRF-2019R1A2C1088802) and this research was supported by Institute for Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government (MSIT) (No.2018-0-00513, Machine Learning Based Automation of Vulnerability Detection on Unix-based Kernel). Publisher Copyright: © 2022 Owner/Author.

PY - 2022/11/7

Y1 - 2022/11/7

N2 - MagNet is a defense method that adopts autoencoders to detect and purify adversarial examples. Although MagNet is robust against grey-box and black-box attacks, it is vulnerable to white-box attacks. Despite this prior knowledge, the fundamental reason for and mitigation of the vulnerability of MagNet have not been discussed. We suggest that the challenge of MagNet is the generalization of the data manifold. To explain this, in this work, we leverage deep learning coverage for the reformer of MagNet. We mutate training images through image transformation algorithms and then train the reformer using mutants with new coverage information. The selected mutants provide an interesting data manifold, that cannot be handled by the random noise of MagNet, to the reformer. In grey-box settings, our defense method classified adversarial examples for various perturbation sizes much more accurately than MagNet even with the same architecture. Based on the preliminary result of this work, we consider future work to identify whether the generalization power of deep learning coverage is effective for stronger adversaries and different architectures.

AB - MagNet is a defense method that adopts autoencoders to detect and purify adversarial examples. Although MagNet is robust against grey-box and black-box attacks, it is vulnerable to white-box attacks. Despite this prior knowledge, the fundamental reason for and mitigation of the vulnerability of MagNet have not been discussed. We suggest that the challenge of MagNet is the generalization of the data manifold. To explain this, in this work, we leverage deep learning coverage for the reformer of MagNet. We mutate training images through image transformation algorithms and then train the reformer using mutants with new coverage information. The selected mutants provide an interesting data manifold, that cannot be handled by the random noise of MagNet, to the reformer. In grey-box settings, our defense method classified adversarial examples for various perturbation sizes much more accurately than MagNet even with the same architecture. Based on the preliminary result of this work, we consider future work to identify whether the generalization power of deep learning coverage is effective for stronger adversaries and different architectures.

UR - http://www.scopus.com/inward/record.url?scp=85143063646&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85143063646&partnerID=8YFLogxK

U2 - 10.1145/3548606.3563550

DO - 10.1145/3548606.3563550

M3 - Conference contribution

AN - SCOPUS:85143063646

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 3439

EP - 3441

BT - CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

Y2 - 7 November 2022 through 11 November 2022

ER -

Park LH, Park J, Chung S, Kim J, Oh MG, Kwon T. Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2022. p. 3439-3441. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3548606.3563550

Poster: Adversarial Defense with Deep Learning Coverage on MagNet's Purification

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this