Abstract
Deep Learning (DL) is rapidly maturing to the point that it can be used in safety- and security-critical applications. However, adversarial samples, which are imperceptible to the human eye, pose a serious threat: they can cause a model to misbehave and compromise the performance of such applications. Addressing the robustness of DL models has therefore become crucial to understanding and defending against adversarial attacks. In this study, we perform comprehensive experiments to examine the effect of adversarial attacks and defenses on various model architectures across well-known datasets. Our research focuses on black-box attacks such as SimBA, HopSkipJump, MGAAttack, and the boundary attack, as well as preprocessor-based defensive mechanisms, including bit squeezing, median smoothing, and the JPEG filter. Experimenting with various models, our results demonstrate that the level of noise needed for a successful attack increases as the number of layers increases, and that the attack success rate decreases as the number of layers increases. This indicates that model complexity and robustness have a significant relationship. Investigating the relationship between diversity and robustness, our experiments with diverse models show that having a large number of parameters does not imply higher robustness. Our experiments extend to the effect of the training dataset on model robustness: ImageNet-1000, CIFAR-100, and CIFAR-10 are used to evaluate the black-box attacks. Considering the multiple dimensions of our analysis, e.g., model complexity and training dataset, we also examine the behavior of black-box attacks when the models apply defenses. Our results show that applying defense strategies can significantly reduce attack effectiveness. This research provides in-depth analysis of and insight into the robustness of DL models under various attacks and defenses.
Abstract (translated)
Deep learning (DL) is rapidly maturing to the point that it can be used in safety- and security-critical applications. However, adversarial samples that the human eye cannot detect pose a serious threat to model behaviour: they can cause the model to perform poorly and compromise the performance of such applications. Addressing the robustness of DL models has become crucial to understanding and defending against adversarial attacks. In this study, we perform comprehensive experiments on various well-known datasets to examine the effect of adversarial attacks and defenses on various model architectures. Our research focuses on black-box attacks such as SimBA, HopSkipJump, MGAAttack, and the boundary attack, as well as preprocessor-based defense mechanisms, including bit squeezing, median smoothing, and the JPEG filter. Experimenting with various models, our results show that the noise level needed for an attack increases with the number of layers. Moreover, the attack success rate decreases as the number of layers increases. This indicates a significant relationship between model complexity and robustness. Studying the relationship between diversity and robustness, our experiments with various models find that having a large number of parameters does not necessarily mean higher robustness. Our experiments also extend to the effect of the training data on model robustness. Various datasets, such as ImageNet-1000, CIFAR-100, and CIFAR-10, are used to evaluate the black-box attacks. Considering the multiple dimensions of our analysis, e.g., model complexity and training data, we study the behavior of black-box attacks when models apply defense strategies. Our results show that applying defense strategies can significantly reduce attack effectiveness. This research provides an in-depth examination of the robustness of DL models against various attacks and defenses, and of the relationships among them.
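The abstract names score-based black-box attacks (SimBA) and preprocessor defenses (bit squeezing) without showing how either is run. The following is an added illustration, not code from the paper: a SimBA-style attack in the pixel basis that only sees the probability vector returned per query, run against a constructed two-class linear classifier, once undefended and once behind a bit-depth-reduction preprocessor, so that the queries and perturbation size needed for success can be compared. The classifier weights, the 8-pixel image, the 2-bit depth, the query budget and the eps values are all assumptions made here; the paper's models, datasets and numbers are not reproduced.

```python
"""
Added illustration (not the paper's code or models): a SimBA-style score-based
black-box attack on a constructed two-class linear classifier, run against the
undefended model and against the same model behind a bit-squeezing preprocessor.
The weights, the 8-pixel image, the bit depth and the eps values are assumptions.
"""
import math
from typing import Callable, Dict, List, Tuple

Vector = List[float]
Model = Callable[[Vector], Vector]

# Constructed 8-pixel grayscale "image", values in [0, 1], labelled class 0.
CLEAN_IMAGE: Vector = [0.62, 0.62, 0.62, 0.62, 0.3, 0.3, 0.3, 0.3]
TRUE_LABEL = 0
# Constructed linear classifier (assumption, not trained): class 0 is scored by
# the first four pixels, class 1 by the last four.
WEIGHTS: List[Vector] = [
    [1.0, 1.0, 1.0, 1.0, 0.0, 0.0, 0.0, 0.0],
    [0.0, 0.0, 0.0, 0.0, 1.4, 1.4, 1.4, 1.4],
]

def softmax(logits: Vector) -> Vector:
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def argmax(values: Vector) -> int:
    return max(range(len(values)), key=values.__getitem__)  # first index on ties

def classify(x: Vector) -> Vector:
    """Undefended model: class-probability vector for an input image."""
    return softmax([sum(w * v for w, v in zip(row, x)) for row in WEIGHTS])

def bit_squeeze(x: Vector, bits: int) -> Vector:
    """Bit-depth reduction: round every pixel to one of 2**bits levels in [0, 1]."""
    levels = (1 << bits) - 1
    return [math.floor(v * levels + 0.5) / levels for v in x]

def defended_classify(x: Vector, bits: int) -> Vector:
    """Same model behind the bit-squeezing preprocessor (what the attacker queries)."""
    return classify(bit_squeeze(x, bits))

def simba(model: Model, x0: Vector, label: int, eps: float,
          max_queries: int) -> Tuple[bool, Vector, int]:
    """SimBA-style untargeted attack in the pixel basis: per pixel try +eps then
    -eps and keep the first change that strictly lowers the true-label probability.
    Pixels are visited in a fixed cyclic order (SimBA proper samples directions at
    random) for reproducibility. Returns (success, adversarial_image, queries)."""
    x = list(x0)
    probs = model(x)
    queries = 1
    if argmax(probs) != label:
        return True, x, queries  # already misclassified
    best = probs[label]
    step = 0
    while queries < max_queries:
        pixel = step % len(x)
        step += 1
        for sign in (1.0, -1.0):
            cand = list(x)
            cand[pixel] = min(1.0, max(0.0, cand[pixel] + sign * eps))  # keep a valid image
            probs = model(cand)
            queries += 1
            if argmax(probs) != label:
                return True, cand, queries
            if probs[label] < best:
                x, best = cand, probs[label]
                break  # keep this direction, move to the next pixel
            if queries >= max_queries:
                break
    return False, x, queries

def perturbation_norms(x0: Vector, x: Vector) -> Tuple[float, float]:
    """L2 and L-infinity size of x - x0."""
    diffs = [a - b for a, b in zip(x, x0)]
    return math.sqrt(sum(d * d for d in diffs)), max(abs(d) for d in diffs)

def run_experiment(max_queries: int = 100) -> Dict[str, dict]:
    """Attack the undefended and the 2-bit-squeezed model; return stats per setting."""
    def squeezed(x: Vector) -> Vector:
        return defended_classify(x, bits=2)
    settings = {
        "undefended, eps=0.1": (classify, 0.1),
        "2-bit squeeze, eps=0.1": (squeezed, 0.1),
        "2-bit squeeze, eps=0.3": (squeezed, 0.3),
    }
    results = {}
    for name, (model, eps) in settings.items():
        ok, adv, used = simba(model, CLEAN_IMAGE, TRUE_LABEL, eps, max_queries)
        l2, linf = perturbation_norms(CLEAN_IMAGE, adv)
        results[name] = {"success": ok, "queries": used, "l2": l2, "linf": linf}
    return results

if __name__ == "__main__":
    for name, r in run_experiment().items():
        print(f"{name:24s} success={r['success']!s:<5} queries={r['queries']:3d} "
              f"L2={r['l2']:.3f} Linf={r['linf']:.3f}")
```

On this toy model the undefended attack flips the label after 12 queries with an L2 perturbation of about 0.26 at eps=0.1; behind 2-bit squeezing every eps=0.1 candidate rounds back to the same input, the true-label probability never drops, and the attack exhausts its 100-query budget without moving, while eps=0.3 succeeds again at an L2 of about 0.52. That is the pattern the abstract reports at scale: a preprocessor defense raises the noise level an attack needs rather than ruling it out. Two caveats a practitioner should keep in mind: squeezing to 2 bits is far more aggressive than what preserves clean accuracy on real 8-bit images, and quantization can also amplify a small change that lands near a rounding boundary, so the useful measurement is the eps at which success returns, not the outcome at a single eps.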
URL
https://arxiv.org/abs/2405.01963