Dual-Domain-Based Adversarial Defense With Conditional VAE and Bayesian Network

Adversarial examples can be imperceptible to human eyes but can easily fool deep models. This intriguing property raises security issues for real-world industrial deep learning systems. To combat such malicious attacks, a novel defense strategy is proposed based on the conditional variational autoencoder (CVAE) and Bayesian network (BN). The main contribution lies in the systematic dual-domain-based defense framework, which covers three modules named detection, diagnosis, and recovery. Specifically, the CVAE is first introduced for latent- and residual-domain generation. Subsequently, a composite and hierarchical BN detector is proposed to conduct adversary detection through feature validation and output justification. Afterwards, a diagnosis strategy is constructed for the residual domain, so that different attacks can be evaluated in the unified framework. Finally, a two-step recovery mechanism is established on the CVAE that can effectively restore the feature representations and the network predictions from various adversaries. The feasibility of the entire defense framework has been extensively demonstrated on three real-world recognition problems.
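The following is an added toy illustration of the dual-domain idea in the abstract; it is not the paper's code. A linear PCA encoder stands in for the CVAE (so "latent domain" is the top principal subspace and "residual domain" is what the encoder cannot reconstruct), two thresholds calibrated on clean data stand in for the Bayesian network detector (the latent test plays the role of feature validation, the residual test is a simplified stand-in for output justification), and the diagnosis and two-step recovery are the simplest versions of those modules. The data, the off-manifold perturbation, and all names (`DualDomainDefense`, `latent_score`, `residual_score`, `diagnose`, `recover`, `demo`) are constructed here.

```python
"""Toy dual-domain adversarial detection, diagnosis and recovery (added example).

Assumptions (not from the paper): a PCA encoder replaces the CVAE, fixed
clean-calibrated thresholds replace the BN detector, and all data is synthetic.
"""
import numpy as np

RNG = np.random.default_rng(0)
D, K, N_TRAIN = 20, 3, 400            # ambient dim, latent dim, clean training size
# Constructed clean manifold: an orthonormal K-dim subspace of R^D.
BASIS = np.linalg.qr(RNG.standard_normal((D, K)))[0]


def make_clean(n, rng=RNG):
    """Constructed clean samples: points near the K-dim subspace plus small noise."""
    z = rng.standard_normal((n, K))
    return z @ BASIS.T + 0.05 * rng.standard_normal((n, D))


class DualDomainDefense:
    def __init__(self, x_train, quantile=0.99):
        self.mu = x_train.mean(axis=0)
        # PCA "encoder": top-K right singular vectors span the latent domain.
        _, _, vt = np.linalg.svd(x_train - self.mu, full_matrices=False)
        self.V = vt[:K].T                             # D x K
        z = self.encode(x_train)
        self.z_mean, self.z_std = z.mean(axis=0), z.std(axis=0) + 1e-9
        # Thresholds come from clean data only: one per domain.
        self.latent_thr = np.quantile(self.latent_score(x_train), quantile)
        self.residual_thr = np.quantile(self.residual_score(x_train), quantile)

    def encode(self, x):
        return (x - self.mu) @ self.V

    def decode(self, z):
        return self.mu + z @ self.V.T

    def residual(self, x):
        """Residual domain: the part of x the encoder cannot represent."""
        return x - self.decode(self.encode(x))

    def latent_score(self, x):
        """Feature validation stand-in: standardised distance of the code from the clean cloud."""
        zs = (self.encode(x) - self.z_mean) / self.z_std
        return np.sqrt((zs ** 2).sum(axis=-1))

    def residual_score(self, x):
        return np.linalg.norm(self.residual(x), axis=-1)

    def detect(self, x):
        """Composite detector: flag when either domain is outside its clean range."""
        return (self.latent_score(x) > self.latent_thr) | (self.residual_score(x) > self.residual_thr)

    def diagnose(self, x):
        """Diagnosis stand-in: fraction of a sample's energy that sits in the residual domain."""
        res_e = self.residual_score(x) ** 2
        lat_e = np.linalg.norm(self.encode(x), axis=-1) ** 2
        return res_e / (res_e + lat_e + 1e-12)

    def recover(self, x):
        """Two-step recovery: drop the residual, then clip the code to its clean range."""
        z = self.encode(x)
        lo, hi = self.z_mean - 3 * self.z_std, self.z_mean + 3 * self.z_std
        return self.decode(np.clip(z, lo, hi))


def demo():
    """Train on clean data, then score clean and perturbed samples; returns a summary dict."""
    defense = DualDomainDefense(make_clean(N_TRAIN))
    x_clean = make_clean(5)
    # Constructed perturbation with all of its energy off the clean manifold.
    direction = RNG.standard_normal(D)
    direction -= BASIS @ (BASIS.T @ direction)
    direction /= np.linalg.norm(direction)
    x_adv = x_clean + direction                    # unit-norm perturbation
    x_rec = defense.recover(x_adv)
    return {
        "clean_flag_rate": float(defense.detect(x_clean).mean()),
        "adv_flag_rate": float(defense.detect(x_adv).mean()),
        "clean_residual_fraction": float(defense.diagnose(x_clean).mean()),
        "adv_residual_fraction": float(defense.diagnose(x_adv).mean()),
        "dist_before": float(np.linalg.norm(x_adv - x_clean, axis=-1).mean()),
        "dist_after": float(np.linalg.norm(x_rec - x_clean, axis=-1).mean()),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v:.3f}")
```

The point a practitioner should take from `demo()` is that the residual-domain score separates the perturbed samples even though the latent code barely moves, that the diagnosis statistic makes that visible as a shift of energy into the residual domain, and that reconstruction from the latent code pulls the perturbed points most of the way back toward their clean originals. Replacing the PCA encoder with a learned CVAE and the fixed thresholds with a probabilistic detector is what the paper's framework adds on top of this skeleton.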
