Adversarial Attacks for Image Segmentation on Multiple Lightweight Models
Due to the powerful ability of data fitting, deep neural networks have been applied in a wide range of applications in many key areas. However, in recent years, it was found that some adversarial samples easily fool the deep neural networks. These input samples are generated by adding a few small pe...
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2020-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/8990068/ |
id |
doaj-53469d0d740a4de8931d65de94bbbf6f |
---|---|
record_format |
Article |
spelling |
doaj-53469d0d740a4de8931d65de94bbbf6f2021-03-30T01:26:41ZengIEEEIEEE Access2169-35362020-01-018313593137010.1109/ACCESS.2020.29730698990068Adversarial Attacks for Image Segmentation on Multiple Lightweight ModelsXu Kang0https://orcid.org/0000-0003-1733-3525Bin Song1https://orcid.org/0000-0002-8096-3370Xiaojiang Du2https://orcid.org/0000-0003-4235-9671Mohsen Guizani3https://orcid.org/0000-0002-8972-8094State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, ChinaState Key Laboratory of Integrated Services Networks, Xidian University, Xi’an, ChinaDepartment of Computer and Information Sciences, Temple University, Philadelphia, PA, USADepartment of Computer Science and Engineering, Qatar University, Doha, QatarDue to the powerful ability of data fitting, deep neural networks have been applied in a wide range of applications in many key areas. However, in recent years, it was found that some adversarial samples easily fool the deep neural networks. These input samples are generated by adding a few small perturbations based on the original sample, making a very significant influence on the decision of the target model in the case of not being perceived. Image segmentation is one of the most important technologies in the medical image and automatic driving field. This paper mainly explores the security of deep neural network models based on the image segmentation tasks. Two lightweight image segmentation models on the embedded device suffered from the white-box attack by using local perturbations and universal perturbations. The perturbations are generated indirectly by a noise function and an intermediate variable so that the gradient of pixels can be propagated unlimitedly. Through experiments, we find that different models have different blind spots, and the adversarial samples trained for a single model have no transferability. In the end, multiple models are attacked by our joint learning. Finally, under the constraint of low perturbation, most of the pixels in the attacked area have been misclassified by both lightweight models. The experimental result shows that the proposed adversary is more likely to affect the performance of the segmentation model compared with the FGSM.https://ieeexplore.ieee.org/document/8990068/Adversarial samplesimage segmentationjoint learningmulti-model attackperturbations |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Xu Kang Bin Song Xiaojiang Du Mohsen Guizani |
spellingShingle |
Xu Kang Bin Song Xiaojiang Du Mohsen Guizani Adversarial Attacks for Image Segmentation on Multiple Lightweight Models IEEE Access Adversarial samples image segmentation joint learning multi-model attack perturbations |
author_facet |
Xu Kang Bin Song Xiaojiang Du Mohsen Guizani |
author_sort |
Xu Kang |
title |
Adversarial Attacks for Image Segmentation on Multiple Lightweight Models |
title_short |
Adversarial Attacks for Image Segmentation on Multiple Lightweight Models |
title_full |
Adversarial Attacks for Image Segmentation on Multiple Lightweight Models |
title_fullStr |
Adversarial Attacks for Image Segmentation on Multiple Lightweight Models |
title_full_unstemmed |
Adversarial Attacks for Image Segmentation on Multiple Lightweight Models |
title_sort |
adversarial attacks for image segmentation on multiple lightweight models |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2020-01-01 |
description |
Due to the powerful ability of data fitting, deep neural networks have been applied in a wide range of applications in many key areas. However, in recent years, it was found that some adversarial samples easily fool the deep neural networks. These input samples are generated by adding a few small perturbations based on the original sample, making a very significant influence on the decision of the target model in the case of not being perceived. Image segmentation is one of the most important technologies in the medical image and automatic driving field. This paper mainly explores the security of deep neural network models based on the image segmentation tasks. Two lightweight image segmentation models on the embedded device suffered from the white-box attack by using local perturbations and universal perturbations. The perturbations are generated indirectly by a noise function and an intermediate variable so that the gradient of pixels can be propagated unlimitedly. Through experiments, we find that different models have different blind spots, and the adversarial samples trained for a single model have no transferability. In the end, multiple models are attacked by our joint learning. Finally, under the constraint of low perturbation, most of the pixels in the attacked area have been misclassified by both lightweight models. The experimental result shows that the proposed adversary is more likely to affect the performance of the segmentation model compared with the FGSM. |
topic |
Adversarial samples image segmentation joint learning multi-model attack perturbations |
url |
https://ieeexplore.ieee.org/document/8990068/ |
work_keys_str_mv |
AT xukang adversarialattacksforimagesegmentationonmultiplelightweightmodels AT binsong adversarialattacksforimagesegmentationonmultiplelightweightmodels AT xiaojiangdu adversarialattacksforimagesegmentationonmultiplelightweightmodels AT mohsenguizani adversarialattacksforimagesegmentationonmultiplelightweightmodels |
_version_ |
1724187015299203072 |