Identyfikatory
Warianty tytułu
Kiedy sztuczna inteligencja nie widzi : wyzwanie antagonistycznych wstawek
Języki publikacji
Abstrakty
Object detection, a key application of machine learning in image processing, has achieved significant success thanks to advances in deep learning [6]. In this paper, we focus on analysing the vulnerability of one of the leading object detection models, YOLOv5x [14], to adversarial attacks using specially designed interference known as „adversarial patches” [4]. These disturbances, while often visible, have the ability to confuse the model, which can have serious consequences in real world applications. We present a methodology for generating these interferences using various techniques and algorithms, and we analyse their effectiveness in various conditions. In addition, we discuss potential defences against these types of attacks and emphasise the importance of security research in the context of the growing popularity of ML technology [13]. Our results indicate the need for further research in this area, bearing in mind the evolution of adversarial attacks and their impact on the future of ML technology.
Wykrywanie obiektów to kluczowe zastosowanie algorytmów uczenia maszynowego w przetwarzaniu obrazu, które odniosło znaczący sukces dzięki postępom w głębokim uczeniu. W artykule przedstawiono analizę podatności jednego z wiodących modeli wykrywania obiektów, YOLOv5x, na ataki z wykorzystaniem specjalnie zaprojektowanych zakłóceń, znanych jako antagonistyczne wstawki. Omówiono metodę generowania antagonistycznych wstawek z wykorzystaniem różnych algorytmów i ich skuteczność w różnych warunkach. Ponadto przedstawiono potencjalne mechanizmy obronne przed tego typu atakami. Uzyskane wyniki wskazują na potrzebę dalszych badań w tym obszarze, w szczególności biorąc pod uwagę rozwój obszaru antagonistycznego uczenia maszynowego.
Czasopismo
Rocznik
Tom
Strony
39--44
Opis fizyczny
Bibliogr. 21 poz., il.
Twórcy
autor
- Military University of Technology, Faculty of Cybernetics, Kaliskiego Str. 2, 00-908 Warsaw, Poland
autor
- Military University of Technology, Faculty of Cybernetics, Kaliskiego Str. 2, 00-908 Warsaw, Poland
Bibliografia
- [1] Alshahrani E., Alghazzawi D., Alotaibi R. M. Rabie O., „Adversarial attacks against supervised machine learning based network intrusion detection systems”, PLoS ONE, 17(10): e0275971 (2022).
- [2] Apruzzese G., Conti M., Yuan Y., „SpacePhish: The evasion-space of adversarial attacks against phishing website detectors using machine learning”, ACM Digital Library, 2022.
- [3] Biggio B., Roli F., “Wild patterns: Ten years after the rise of adversarial machine learning”, Pattern Recognition, vol. 84, 317-331 (2018).
- [4] Brown T. B., Man’e, D., Roy A., Abadi M., Gilmer J., „Adversarial patch”, arXiv preprint arXiv:1712.09665, 2017.
- [5] Evtimov I., Eykholt K., Fernandes E., Kohno T., Li B., Prakash A., Rahmati A., Song D., „Robust physical-world attacks on deep learning visual classification”, Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1625-1634, IEEE, 2018.
- [6] Girshick R., Donahue J., Darrell T., Malik J., „Rich feature hierarchies for accurate object detection and semantic segmentation”, 2014 IEEE Conference on Computer Vision and Pattern Recognition, pp. 580-587, IEEE, 2014.
- [7] Goodfellow I. J., Shlens J., Szegedy C., „Explaining and harnessing adversarial examples”, arXiv preprint arXiv:1412.6572, 2014.
- [8] Hasler D., Susstrunk S., „Measuring colorfulness in natural images”, Proceedings of SPIE, vol. 5007 (2003).
- [9] He K., Gkioxari G., Dollár P., Girshick R., „Mask R-CNN”, Proceedings of the IEEE International Conference on Computer Vision, pp. 2961-2969, IEEE, 2017.
- [10] Lin T.Y., Maire M., Belongie S., Hays J., Perona P., Ramanan D., Dollár P.,
- Zitnick C.L., „Microsoft COCO: Common Objects in Context”, [in:] Computer Vision - ECCV 2014, pp. 740-755, Springer, 2014.
- [11] Lou W., „Fortifying your defenses: Techniques to thwart adversarial attacks and boost performance of machine learning-based intrusion detection systems”, ACM Digital Library, 2023.
- [12] Nowroozi E., Mohammadi M., Savas, E., Mekdad Y., Conti M., „Employing deep ensemble learning for improving the security of computer networks against adversarial attacks”, IEEE Transactions on Network and Service Management, PP(99):1-1, 2022.
- [13] Papernot N., McDaniel P., Goodfellow I., Jha S., Celik Z.B., Swami A., „Practical black-box attacks against machine learning”, pp. 506-519, ACM, 2016.
- [14] Redmon J., Divvala S., Girshick R., Farhadi A., „You only look once: Unified, real-time object detection”, 2016 IEEE Conference on Computer Vision and Pattern Recognition, IEEE, 2016.
- [15] Sharif M., Bhagavatula S., Bauer L., Reiter M. K., „Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition”, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1528-1540, ACM, 2016.
- [16] Song C., Eykholt K., Evtimov I., Fernandes E., Li B., Rahmati A., Xiao C., Prakash A., Kohno T., „Physical adversarial examples for object detectors”, 12th Workshop on Offensive Technologies (WOOT’18), Baltimore, USA, 2018.
- [17] Szegedy C., Zaremba W., Sutskever I., Bruna J., Erhan D., Goodfellow I., Fergus R., „Intriguing properties of neural networks”, arXiv preprint arXiv:1312.6199, 2013.
- [18] Tarsała P., Kasprzyk R., „Deep Learning Algorithms in Computer Vision”, Proceedings of the 37th International Business Information Management Association (IBIMA), pp. 11147-11155, ISBN: 978-0-9998551-6-4, 30-31 May 2021, Cordoba, Spain.
- [19] Tymoszuk Ł, Kasprzyk R., „Adversarial Machine Learning as A Forerunner of Future Wars on Algorithms”, Proceedings of the 37th International Business Information Management Association (IBIMA), pp. 11165-11176, ISBN: 978-0-9998551-6-4, 30-31 May 2021, Cordoba, Spain.
- [20] Zimoń M., Kasprzyk R., „Yet another research on GANs in cybersecurity”, Cybersecurity and Law, vol. 9(1), 61-72 (2023).
- [21] Zimoń M., Kasprzyk R., „Digital revolution and cyber threats as its consequence”, Proceedings of the 38th International Business Information Management Association (IBIMA), pp. 7750-7755, ISBN: 978-0-9998551-7-1, 23-24 November 2021, Seville, Spain.
Typ dokumentu
Bibliografia
Identyfikator YADDA
bwmeta1.element.baztech-f2ad2461-1d9a-43db-937f-6a55d4490ca0